CVE-2026-7784
Published: 05 May 2026
Description
A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.
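One way to implement this control for a name-style argument such as the Skills Endpoint's Name parameter, as an added example in Python (not code from the NagaAgent project); the skills directory, function names and the allowlist pattern are assumptions:

```python
import re
from pathlib import Path

# Assumed location of the directory the endpoint is meant to serve (constructed value).
SKILLS_DIR = Path("/opt/agent/skills")

# Syntactic allowlist for a skill name: alphanumerics, '_' and '-', no separators,
# no leading dot, bounded length. Rejects '..', '/', '\\', '%', NUL and the empty string.
_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$")


class InvalidSkillName(ValueError):
    """Raised when a supplied name fails validation."""


def resolve_skill_path(name: str, base: Path = SKILLS_DIR) -> Path:
    """Return the on-disk path for `name` inside `base`, or raise InvalidSkillName.

    Two independent layers: the allowlist on the raw argument, then a containment
    check on the fully resolved path, which also catches a symlink inside `base`
    that points outside it.
    """
    if not isinstance(name, str) or not _NAME_RE.fullmatch(name):
        raise InvalidSkillName(f"rejected skill name: {name!r}")
    base_resolved = base.resolve()
    candidate = (base_resolved / name).resolve()
    # The resolved path must have the skills directory as an ancestor.
    if base_resolved not in candidate.parents:
        raise InvalidSkillName(f"path escapes skills directory: {name!r}")
    return candidate


def is_safe_skill_name(name: str, base: Path = SKILLS_DIR) -> bool:
    """Convenience predicate for request handlers: True only if the name is accepted."""
    try:
        resolve_skill_path(name, base)
        return True
    except InvalidSkillName:
        return False
```

In a handler, call `resolve_skill_path` once and use only the returned path for any file operation; never re-join the raw argument later.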
Security Summary (AI)
CVE-2026-7784 is a path traversal vulnerability (CWE-22) affecting RTGS2017 NagaAgent versions up to 5.1.0. The issue resides in the processing of the file apiserver/routes/extensions.py within the Skills Endpoint component, where manipulation of the "Name" argument enables traversal outside intended directories. Assigned a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), it was published on 2026-05-05.
Remote attackers require only network access to exploit this vulnerability, with no privileges, user interaction, or special conditions needed due to its low attack complexity. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling unauthorized file reads, modifications, or disruptions within the affected agent's scope.
Advisories from VulDB and the project's GitHub repository indicate the vulnerability was reported early via issue #311, but the maintainers have not responded or issued patches as of the latest information. The exploit has been publicly disclosed and may be actively used by attackers.
Notable context includes the lack of vendor response, increasing risk for deployments of NagaAgent up to 5.1.0, with the GitHub repository serving as a primary reference for potential monitoring or manual fixes.
Details
- CWE(s): CWE-22
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Path traversal in the unauthenticated, network-accessible Skills Endpoint directly enables T1190 (Exploit Public-Facing Application) and facilitates T1005 (arbitrary local file reads/modifications).