{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39981", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-08T00:01:47.628Z", "datePublished": "2026-04-09T17:01:27.069Z", "dateUpdated": "2026-04-13T20:10:13.881Z"}, "containers": {"cna": {"title": "AGiXT has a Path Traversal in safe_join()", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/Josh-XT/AGiXT/security/advisories/GHSA-5gfj-64gh-mgmw", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Josh-XT/AGiXT/security/advisories/GHSA-5gfj-64gh-mgmw"}, {"name": "https://github.com/Josh-XT/AGiXT/commit/2079ea5a88fa671a921bf0b5eba887a5a1b73d5f", "tags": ["x_refsource_MISC"], "url": "https://github.com/Josh-XT/AGiXT/commit/2079ea5a88fa671a921bf0b5eba887a5a1b73d5f"}, {"name": "https://github.com/Josh-XT/AGiXT/releases/tag/v1.9.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/Josh-XT/AGiXT/releases/tag/v1.9.2"}], "affected": [{"vendor": "Josh-XT", "product": "AGiXT", "versions": [{"version": "< 1.9.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-09T17:01:27.069Z"}, "descriptions": [{"lang": "en", "value": "AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or delete arbitrary files on the server hosting the AGiXT instance. This vulnerability is fixed in 1.9.2."}], "source": {"advisory": "GHSA-5gfj-64gh-mgmw", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T20:10:01.620594Z", "id": "CVE-2026-39981", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:10:13.881Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-39981", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-13T20:10:01.620594Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T20:10:09.959Z"}}], "cna": {"title": "AGiXT has a Path Traversal in safe_join()", "source": {"advisory": "GHSA-5gfj-64gh-mgmw", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Josh-XT", "product": "AGiXT", "versions": [{"status": "affected", "version": "< 1.9.2"}]}], "references": [{"url": "https://github.com/Josh-XT/AGiXT/security/advisories/GHSA-5gfj-64gh-mgmw", "name": "https://github.com/Josh-XT/AGiXT/security/advisories/GHSA-5gfj-64gh-mgmw", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Josh-XT/AGiXT/commit/2079ea5a88fa671a921bf0b5eba887a5a1b73d5f", "name": "https://github.com/Josh-XT/AGiXT/commit/2079ea5a88fa671a921bf0b5eba887a5a1b73d5f", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/Josh-XT/AGiXT/releases/tag/v1.9.2", "name": "https://github.com/Josh-XT/AGiXT/releases/tag/v1.9.2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or delete arbitrary files on the server hosting the AGiXT instance. This vulnerability is fixed in 1.9.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-09T17:01:27.069Z"}}}, "cveMetadata": {"cveId": "CVE-2026-39981", "state": "PUBLISHED", "dateUpdated": "2026-04-13T20:10:13.881Z", "dateReserved": "2026-04-08T00:01:47.628Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-09T17:01:27.069Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:agixt:agixt:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F449F33-93CD-4458-90EA-D08F96F8B919", "versionEndExcluding": "1.9.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or delete arbitrary files on the server hosting the AGiXT instance. This vulnerability is fixed in 1.9.2."}], "id": "CVE-2026-39981", "lastModified": "2026-05-13T15:52:11.150", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-09T18:17:02.350", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/Josh-XT/AGiXT/commit/2079ea5a88fa671a921bf0b5eba887a5a1b73d5f"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/Josh-XT/AGiXT/releases/tag/v1.9.2"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Josh-XT/AGiXT/security/advisories/GHSA-5gfj-64gh-mgmw"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.9.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "AGiXT", "source": "cna", "vendor": "Josh-XT"}, "product": "agixt", "vendor": "josh-xt"}], "analysis": {"en": {"generated_at": "2026-04-09T18:50:16.878374+00:00", "value": {"mitigation_remediation": ["Update AGiXT to version 1.9.2 or later", "Restrict authenticated access to trusted users only"], "summary": {"action": "Immediate Patch", "impact": "Arbitrary File Read/Write/Deletion"}, "threat_synthesis": {"affected_systems": "Vendor Josh\u2011XT produces the AGiXT platform. All releases older than version 1.9.2 contain the flaw; the vulnerability was fixed in AGiXT\u202fv1.9.2. Installations running 1.9.1 or earlier are at risk and should be updated.", "description_and_impact": "The safe_join() function in AGiXT\u2019s essential_abilities extension does not enforce that resolved file paths remain inside the intended agent workspace. An authenticated attacker can exploit directory traversal sequences to read, write, or delete arbitrary files on the server that hosts the AGiXT instance. This weakness allows an attacker to compromise confidentiality and integrity of files and, if deletion is performed, disrupt availability. The issue is categorized as a Path Traversal flaw (CWE\u201122).", "risk_and_exploitability": "The CVSS score of 8.8 signals high severity. The vulnerability requires that the attacker first authenticate to the AGiXT instance; once authenticated, the attacker can traverse directories and manipulate files across the host. EPSS data is not available, and the vulnerability is not yet listed in the CISA KEV catalog. Nevertheless, given the high severity and the nature of the flaw, the potential for serious impact exists if an attacker gains authenticated access."}}}}, "created": "2026-04-10T08:52:50.942379+00:00", "updated": "2026-04-10T09:32:02.414983+00:00", "vendors": ["josh-xt", "josh-xt$PRODUCT$agixt"]}