Description
A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the `logs_dir` parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to unauthorized data modification or disclosure.
Published: 2026-04-22
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary file write and directory creation via path traversal
Action: Assess Impact
AI Analysis

Impact

The vulnerability resides in InstructLab’s chat session handler where a local attacker can manipulate the logs_dir parameter to perform a path traversal. This flaw allows creation of new directories and writing files to any location on the system, potentially leading to unauthorized data modification or disclosure. The weakness is characterized as CWE-22 (Path Traversal).

Affected Systems

The affected product is Red Hat Enterprise Linux AI (RHEL AI) version 3.

Risk and Exploitability

The CVSS score of 7.1 indicates a moderate severity; the EPSS score is currently unavailable and the issue is not listed in CISA KEV. The likely attack vector is local; an attacker with sufficient privileges to access the chat session handler can supply crafted logs_dir values to cause arbitrary file write or directory creation. No official patch or workaround is available at this time, so the risk persists until a vendor fix is released or mitigations are applied.

Generated by OpenCVE AI on April 22, 2026 at 13:34 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

OpenCVE Recommended Actions

  • Upgrade to a patched version of InstructLab or RHEL AI when such a release becomes available.
  • Restrict access to the chat session handler and the logs_dir parameter so that only trusted users can invoke it.
  • Implement server‑side validation or sanitization of the logs_dir input to block traversal sequences and enforce a fixed base directory.

Generated by OpenCVE AI on April 22, 2026 at 13:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 22 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the `logs_dir` parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to unauthorized data modification or disclosure.
Title Instructlab: instructlab: path traversal allows arbitrary directory creation and file write
First Time appeared Redhat
Redhat enterprise Linux Ai
Weaknesses CWE-22
CPEs cpe:/a:redhat:enterprise_linux_ai:3
Vendors & Products Redhat
Redhat enterprise Linux Ai
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

Subscriptions

Redhat Enterprise Linux Ai
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-24T03:55:18.507Z

Reserved: 2026-04-22T12:20:39.844Z

Link: CVE-2026-6855

cve-icon Vulnrichment

Updated: 2026-04-22T18:35:01.147Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-22T13:16:22.410

Modified: 2026-04-22T21:23:52.620

Link: CVE-2026-6855

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-15T00:00:00Z

Links: CVE-2026-6855 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T13:45:18Z

Weaknesses