CVE Catalog

CVE-2026-58173

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

22th percentile — higher than 22% of all known CVEs

Summary

A path traversal vulnerability in Vibe-Trading before version 0.1.10 allows attackers to write files outside the intended memory root directory by supplying a malicious memory_type value containing path traversal sequences. Attackers can manipulate the memory_type parameter in the persistent memory store to write arbitrary Markdown files to unintended filesystem locations.

Risk Assessment

The risk involves overwriting or creating files in sensitive system locations, potentially leading to privilege escalation, arbitrary code execution, or data integrity compromise.

Recommendation

Immediately upgrade Vibe-Trading to version 0.1.10 or later, which includes a fix for the path traversal vulnerability.

Original NVD description (English source)

Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memory_type value containing path traversal sequences through the remember tool. Attackers can manipulate the memory_type parameter in the persistent memory store to cause the application to write arbitrary Markdown files to unintended locations on the filesystem.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS