CVE-2026-29870 - Vulnerability Details

Description

A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpoint_dir parameter in OfflineACE.run. The save_to_file method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to escape the intended checkpoint directory. This vulnerability allows attackers to overwrite arbitrary files accessible to the application process, potentially leading to application corruption, privilege escalation, or code execution depending on the deployment context.

Published: 2026-03-31

Score: 7.6 High

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

This flaw allows an attacker to inject a traversal sequence into the checkpoint_dir parameter of the OfflineACE.run function. The underlying save_to_file method does not normalise or validate the supplied path, enabling writes outside the intended directory. This can result in overwriting critical configuration files or binaries, potentially allowing the attacker to corrupt the application or inject malicious code.

Affected Systems

The vulnerable component is the agentic-context-engine project, versions up to 0.7.1. The exact vendor is unspecified but the source code is available for versions 0.0.x through 0.7.1, which may be deployed in various self‑hosted or cloud environments.

Risk and Exploitability

With a CVSS score of 7.6, the issue is considered high severity, and the EPSS score is not reported. The vulnerability is not listed in the CISA KEV catalog, suggesting no public exploit is documented yet. Based on the description, the likely attack vector requires the attacker to interact with the OfflineACE.run entry point, indicating either a local or remote vulnerability depending on deployment. Successful exploitation can grant the attacker arbitrary file writes, leading to privilege escalation, application corruption, or code execution based on the target environment.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade agentic-context-engine to version 0.7.2 or later.
If an upgrade is unavailable, constrain the checkpoint_dir parameter to a predetermined safe directory and perform strict path validation before writing files.
Apply filesystem permissions or ACLs to prevent the application process from writing to critical system files.
Monitor logs for unexpected file modifications or failed write operations, and review the application for unexpected code execution.
Consider deploying the service within a restricted container or sandbox to limit the impact of a potential exploitation.

Generated by OpenCVE AI on March 31, 2026 at 16:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/lilmingwa13/security-research/blob/main/CVE-2026-29870.md

History

Wed, 01 Apr 2026 02:15:00 +0000

Type	Values Removed	Values Added
Title		Agentic Context Engine Arbitrary File Write via Directory Traversal

Tue, 31 Mar 2026 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-22
Metrics		cvssV3_1 `{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 31 Mar 2026 15:00:00 +0000

Type	Values Removed	Values Added
Description		A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpoint_dir parameter in OfflineACE.run. The save_to_file method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to escape the intended checkpoint directory. This vulnerability allows attackers to overwrite arbitrary files accessible to the application process, potentially leading to application corruption, privilege escalation, or code execution depending on the deployment context.
References		https://github.com/lilmingwa13/security-research/blob/main/CVE-2026-29870.md

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-03-31T00:00:00.000Z

Updated: 2026-03-31T15:08:04.780Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-29870

Vulnrichment

Updated: 2026-03-31T15:04:49.006Z

NVD

Status : Received

Published: 2026-03-31T15:16:12.733

Modified: 2026-03-31T16:16:29.507

Link: CVE-2026-29870

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T19:56:57Z

Weaknesses

CWE-22

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object