Description
AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed as valid AIL objects.

An authenticated AIL user could craft malicious item identifiers containing path traversal sequences to cause the application to read gzip-compressed files accessible to the AIL process. This could result in unauthorized disclosure of local file contents, limited to files readable by the application and compatible with the expected gzip-compressed item format.

The issue was fixed by validating that both requested items exist before their contents are accessed.
Published: 2026-06-19
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The AIL framework’s /objects/item/diff endpoint accepts two item identifiers via the s1 and s2 query parameters but, before the fix, did not confirm that the referenced items existed as valid AIL objects before reading them. An authenticated user can supply identifiers containing path traversal sequences, causing the application to open and decompress files outside the item store that the AIL process can read. The result is unauthorized disclosure of file contents, limited to files the application has read access to and that parse as the gzip-compressed item format the endpoint expects. The weakness is a classic path‑traversal flaw (CWE‑22).

Affected Systems

The AIL framework (ail-project:ail-framework). No specific version information is provided.

Risk and Exploitability

The vulnerability scores a CVSS 5.3, indicating moderate severity, and there is no EPSS score available or KEV listing. Because an attacker must be authenticated to reach the affected endpoint, exploitation requires valid AIL credentials. Once authenticated, the attacker can read gzip-compressed files the AIL process has read permission for, including files outside the item store; plaintext files cannot be read through this path because the endpoint decompresses what it opens, and the flaw provides no code execution. The CVSS vector (VC:L, no integrity or availability impact) reflects that limited-confidentiality outcome; the practical impact depends on which gzip-compressed files are readable on the host.

Generated by OpenCVE AI on June 19, 2026 at 10:21 UTC.

Remediation

No vendor advisory or workaround is linked in this record. The CVE description states that the issue was fixed upstream by validating that both requested items exist before their contents are accessed.

OpenCVE Recommended Actions

  • Apply the AIL framework update that incorporates commit 074f9a432702d39d7f8db07ece3a11502cf36d73, which adds validation of item identifiers before accessing item contents.
  • Ensure that the /objects/item/diff endpoint checks for the existence and validity of both referenced items prior to any file read operations.
  • Limit the privileges under which the AIL process runs and restrict authenticated user roles so that the application cannot read files beyond the allowed data store; adjust filesystem permissions accordingly.
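The following is an added example, not code from the AIL project: a minimal stand-in for the item store and the diff handler described in the Description and the Recommended Actions above. It shows the pre-fix read, where the item identifier is joined straight onto the items directory so a traversal sequence escapes it, beside the fixed variant that requires both identifiers to exist as known items before any file is opened. Every name in it (ITEMS_ROOT, KNOWN_ITEMS, read_item_vulnerable, item_exists, read_item_fixed, diff_items, TRAVERSAL_ID) is an assumption; the store is constructed in a temporary directory, and the registry of known ids is a set standing in for whatever object index the real application consults.

```python
"""Added illustration of an authenticated path traversal through an item-diff
endpoint.  Hypothetical code, not AIL's: it assumes items are gzip-compressed
files under an items directory, addressed by an id that doubles as the
relative path.  All names here are assumptions for the example."""
import difflib
import gzip
import os
import tempfile
from pathlib import Path

# Constructed sample store: a temp dir standing in for the items directory,
# plus a gzip file outside it standing in for any gzip file the process can read.
_TMP = Path(tempfile.mkdtemp())
ITEMS_ROOT = _TMP / "items"
(ITEMS_ROOT / "submitted" / "2026" / "06" / "19").mkdir(parents=True)
OUTSIDE = _TMP / "outside"
OUTSIDE.mkdir()


def _write_gz(path: Path, text: str) -> None:
    with gzip.open(path, "wt", encoding="utf-8") as fh:
        fh.write(text)


_write_gz(ITEMS_ROOT / "submitted/2026/06/19/a.gz", "alpha\nbeta\n")
_write_gz(ITEMS_ROOT / "submitted/2026/06/19/b.gz", "alpha\ngamma\n")
_write_gz(OUTSIDE / "secret.gz", "db_password=hunter2\n")  # constructed target

# Registry of ids the application actually created.  Assumption: a real
# deployment would query its object store here rather than a Python set.
KNOWN_ITEMS = {"submitted/2026/06/19/a.gz", "submitted/2026/06/19/b.gz"}

# Crafted s1/s2 value: relative to ITEMS_ROOT this resolves to OUTSIDE/secret.gz.
TRAVERSAL_ID = "../outside/secret.gz"


def read_item_vulnerable(item_id: str) -> str:
    """Pre-fix behaviour as the advisory describes it: the id is used as a path
    with no existence check, so '../' sequences walk out of ITEMS_ROOT."""
    path = os.path.join(ITEMS_ROOT, item_id)
    with gzip.open(path, "rt", encoding="utf-8") as fh:
        return fh.read()


def item_exists(item_id: str) -> bool:
    """Fixed check: the id must be a registered object, and as defence in depth
    its resolved path must stay inside the item store and be a regular file."""
    if item_id not in KNOWN_ITEMS:
        return False
    resolved = (ITEMS_ROOT / item_id).resolve()
    root = ITEMS_ROOT.resolve()
    return root in resolved.parents and resolved.is_file()


def read_item_fixed(item_id: str) -> str:
    """Post-fix behaviour: refuse anything that is not a known item."""
    if not item_exists(item_id):
        raise LookupError(f"unknown item: {item_id!r}")
    with gzip.open(ITEMS_ROOT / item_id, "rt", encoding="utf-8") as fh:
        return fh.read()


def diff_items(s1: str, s2: str, reader=read_item_fixed) -> list[str]:
    """Stand-in for the diff endpoint: both ids go through the reader's
    existence check before either file is opened."""
    if not (item_exists(s1) and item_exists(s2)):
        raise LookupError("both items must exist before they are compared")
    left = reader(s1).splitlines()
    right = reader(s2).splitlines()
    return list(difflib.unified_diff(left, right, fromfile=s1, tofile=s2, lineterm=""))


if __name__ == "__main__":
    print(read_item_vulnerable(TRAVERSAL_ID), end="")  # leaks the outside file
    try:
        read_item_fixed(TRAVERSAL_ID)
    except LookupError as err:
        print("blocked:", err)
    print("\n".join(diff_items("submitted/2026/06/19/a.gz", "submitted/2026/06/19/b.gz")))
```

The registry membership test alone stops the traversal, because a crafted identifier is never a registered object; the resolved-path test adds a second barrier in case the registry itself can be populated with identifiers containing traversal sequences. Note also that the vulnerable reader only ever returns content for files that decompress as gzip, which is why the advisory scopes disclosure to gzip-compressed files rather than arbitrary local files.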

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 11:45:00 +0000

Type: Values Added (nothing removed)
  • First Time appeared: Ail-project; Ail-project ail-framework
  • Vendors & Products: Ail-project; Ail-project ail-framework

Fri, 19 Jun 2026 09:45:00 +0000

Type: Values Added (nothing removed)
  • Description: AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and s2 query parameters and, prior to the fix, attempted to retrieve and compare item contents without first verifying that both referenced items existed as valid AIL objects. An authenticated AIL user could craft malicious item identifiers containing path traversal sequences to cause the application to read gzip-compressed files accessible to the AIL process. This could result in unauthorized disclosure of local file contents, limited to files readable by the application and compatible with the expected gzip-compressed item format. The issue was fixed by validating that both requested items exist before their contents are accessed.
  • Title: Authenticated Path Traversal in AIL framework /objects/item/diff Allows Reading Gzip-Compressed Files
  • Weaknesses: CWE-22
  • References: (none)
  • Metrics: cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: CIRCL

Published:

Updated: 2026-06-19T08:03:58.954Z

Reserved: 2026-06-19T08:03:52.032Z

Link: CVE-2026-56138

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-19T11:30:15Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')