CVE-2026-39981
Published: 09 April 2026
Description
AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or delete arbitrary files on the server hosting the AGiXT instance. This vulnerability is fixed in 1.9.2.
Mitigating Controls (NIST 800-53 r5)
Directly requires validation of file path inputs in safe_join() to ensure resolved paths remain within the agent workspace, preventing directory traversal exploitation.
Mandates timely remediation of the path traversal flaw by patching AGiXT to version 1.9.2 or later, eliminating the vulnerability.
Enforces logical access controls on system resources, limiting the impact of traversed paths by denying unauthorized file read/write/delete operations.
Security Summary
CVE-2026-39981 is a path traversal vulnerability (CWE-22) affecting AGiXT, a dynamic AI Agent Automation Platform, in versions prior to 1.9.2. The issue resides in the safe_join() function within the essential_abilities extension, which fails to properly validate resolved file paths against the designated agent workspace boundaries. Published on April 9, 2026, this flaw has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for severe impact across confidentiality, integrity, and availability.
An authenticated attacker with low privileges can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By crafting inputs containing directory traversal sequences (e.g., ../), the attacker can bypass path restrictions to read, write, or delete arbitrary files on the host server running the AGiXT instance, potentially leading to full server compromise.
The vulnerability is fixed in AGiXT version 1.9.2, as detailed in the project's security advisory (GHSA-5gfj-64gh-mgmw), release notes, and the patching commit (2079ea5a88fa671a921bf0b5eba887a5a1b73d5f). Security practitioners should upgrade to 1.9.2 or later and review access controls for authenticated users interacting with agent abilities.
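The containment check that the description says was missing can be sketched as follows. This is an added example, not AGiXT's code or its patch: the page does not show the project's safe_join(), and the names naive_join, contained_join and check_samples, along with all sample paths, are constructed for illustration on a POSIX host.

```python
import os
import tempfile


def naive_join(workspace: str, user_path: str) -> str:
    """Illustrative unsafe join: normalises but never checks containment."""
    return os.path.normpath(os.path.join(workspace, user_path))


def contained_join(workspace: str, user_path: str) -> str:
    """Resolve the path, then refuse anything outside the workspace root."""
    root = os.path.realpath(workspace)
    # realpath collapses ".." and follows symlinks; an absolute user_path
    # replaces the root in os.path.join, which the check below also catches.
    candidate = os.path.realpath(os.path.join(root, user_path))
    # commonpath compares whole components, so "/ws-evil" does not pass as
    # being inside "/ws" the way a startswith() prefix test would.
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"path escapes workspace: {user_path!r}")
    return candidate


def check_samples() -> dict:
    """Run constructed inputs through contained_join; True means accepted."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        ws = os.path.join(base, "ws")
        os.makedirs(os.path.join(ws, "notes"))
        os.makedirs(os.path.join(base, "ws-evil"))
        # Constructed symlink inside the workspace that points outside it.
        os.symlink(base, os.path.join(ws, "link"))
        samples = ["notes/a.txt", "notes/../b.txt", "../outside.txt",
                   "../ws-evil/x", "/etc/hostname", "link/outside.txt"]
        for sample in samples:
            try:
                contained_join(ws, sample)
                results[sample] = True
            except PermissionError:
                results[sample] = False
    return results
```

Resolving before comparing is what makes the check hold for symlinks and absolute inputs as well as for ../ sequences; the file operation must then use the returned path, not the original input.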
Details
- CWE(s)
AI Security Analysis
- AI Category: Other AI Platforms
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- MITRE ATLAS Techniques: None mapped
- Classification Reason: Matched keywords: ai
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The path traversal vulnerability directly enables arbitrary file read (facilitating T1083 File and Directory Discovery), delete (facilitating T1070.004 File Deletion), and overall exploitation for low-to-high privilege access leading to full compromise (T1068 Exploitation for Privilege Escalation).