Description
AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or delete arbitrary files on the server hosting the AGiXT instance. This vulnerability is fixed in 1.9.2.
Published: 2026-04-09
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary File Read/Write/Deletion
Action: Immediate Patch
AI Analysis

Impact

The safe_join() function in AGiXT’s essential_abilities extension does not enforce that resolved file paths remain inside the intended agent workspace. An authenticated attacker can exploit directory traversal sequences to read, write, or delete arbitrary files on the server that hosts the AGiXT instance. This weakness allows an attacker to compromise confidentiality and integrity of files and, if deletion is performed, disrupt availability. The issue is categorized as a Path Traversal flaw (CWE‑22).

Affected Systems

Vendor Josh‑XT produces the AGiXT platform. All releases older than version 1.9.2 contain the flaw; the vulnerability was fixed in AGiXT v1.9.2. Installations running 1.9.1 or earlier are at risk and should be updated.

Risk and Exploitability

The CVSS score of 8.8 signals high severity. The vulnerability requires that the attacker first authenticate to the AGiXT instance; once authenticated, the attacker can traverse directories and manipulate files across the host. EPSS data is not available, and the vulnerability is not yet listed in the CISA KEV catalog. Nevertheless, given the high severity and the nature of the flaw, the potential for serious impact exists if an attacker gains authenticated access.

Generated by OpenCVE AI on April 9, 2026 at 18:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update AGiXT to version 1.9.2 or later
  • Restrict authenticated access to trusted users only

Generated by OpenCVE AI on April 9, 2026 at 18:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-5gfj-64gh-mgmw AGiXT Vulnerable to Path Traversal in safe_join()
History

Mon, 13 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Josh-xt
Josh-xt agixt
Vendors & Products Josh-xt
Josh-xt agixt

Thu, 09 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
Description AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or delete arbitrary files on the server hosting the AGiXT instance. This vulnerability is fixed in 1.9.2.
Title AGiXT has a Path Traversal in safe_join()
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Josh-xt Agixt
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-13T20:10:13.881Z

Reserved: 2026-04-08T00:01:47.628Z

Link: CVE-2026-39981

cve-icon Vulnrichment

Updated: 2026-04-13T20:10:09.959Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-09T18:17:02.350

Modified: 2026-04-13T15:02:27.760

Link: CVE-2026-39981

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T09:32:02Z

Weaknesses