Ghostwire

CVE-2026-58173: Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the...

MEDIUM CVSS 0.0

Published: June 30, 2026 | Last Modified: June 30, 2026

Description

Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memory_type value containing path traversal sequences through the remember tool. Attackers can manipulate the memory_type parameter in the persistent memory store to cause the application to write arbitrary Markdown files to unintended locations on the filesystem.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References