Description
A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authenticated AIL user can supply crafted object identifiers through the investigation workflow to cause file paths to resolve outside the intended image, favicon, or screenshot storage directories. This may allow the attacker to download and read arbitrary files that are accessible to the AIL process.

The issue occurs because user-controlled path components were joined with application storage paths without verifying that the resolved path remained within the expected directory. The affected download functionality could then include the contents of such files in a generated archive.
Published: 2026-06-22
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A path traversal flaw in the AIL Framework allows an authenticated user to supply specially crafted investigation identifiers that cause the application to resolve file paths outside of the intended image, favicon, or screenshot storage directories. This defect lets the attacker download and read any file that the AIL process can access, potentially exposing sensitive data. The weakness is a classic File Path Traversal (CWE‑22).

Affected Systems

The vulnerability affects the AIL Framework from the ail project. No specific version range is listed beyond the note that the issue is fixed in the commit with identifier 0041456af25da0cdea1c1c4624e46baff2731d8f. Users running a delivery of the framework that predates this commit are potentially impacted.

Risk and Exploitability

The CVSS score of 8.3 indicates a high severity. No EPSS score is available, so the probability of exploitation cannot be quantified, and the vulnerability is not yet listed in CISA’s KEV catalog. Exploitation requires authentication and a legitimate lookup of an investigation, implying an internal or privileged user could use the flaw. Once authenticated, an attacker can craft identifiers to include any path component, leading to the execution of a download that contains arbitrary file contents bundled into an archive.

Generated by OpenCVE AI on June 22, 2026 at 15:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the AIL Framework release that incorporates commit 0041456af25da0cdea1c1c4624e46baff2731d8f or newer.
  • If an upgrade cannot be performed immediately, enforce strict directory boundary checks in the application logic to reject identifiers that resolve outside the allowed storage directories.
  • Configure the AIL process to run with the least privileges necessary, ensuring it cannot read files outside its intended data directories.

Generated by OpenCVE AI on June 22, 2026 at 15:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 22 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Ail-project
Ail-project ail-framework
Vendors & Products Ail-project
Ail-project ail-framework

Mon, 22 Jun 2026 13:45:00 +0000

Type Values Removed Values Added
Description A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authenticated AIL user can supply crafted object identifiers through the investigation workflow to cause file paths to resolve outside the intended image, favicon, or screenshot storage directories. This may allow the attacker to download and read arbitrary files that are accessible to the AIL process. The issue occurs because user-controlled path components were joined with application storage paths without verifying that the resolved path remained within the expected directory. The affected download functionality could then include the contents of such files in a generated archive.
Title Authenticated Path Traversal in AIL Framework Investigation Downloads Allows Arbitrary File Read
Weaknesses CWE-22
References
Metrics cvssV4_0

{'score': 8.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:P'}


Subscriptions

Ail-project Ail-framework
cve-icon MITRE

Status: PUBLISHED

Assigner: CIRCL

Published:

Updated: 2026-06-22T15:48:10.172Z

Reserved: 2026-06-22T12:54:39.454Z

Link: CVE-2026-56448

cve-icon Vulnrichment

Updated: 2026-06-22T15:48:04.834Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-22T16:15:16Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')