CVE-2026-13509

Source
https://cve.org/CVERecord?id=CVE-2026-13509
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-13509.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-13509
Published
2026-06-28T22:00:11.403Z
Modified
2026-07-15T01:49:07.177720414Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
RAGapp Knowledge File files.py FileHandler.remove_file path traversal
Details

A vulnerability has been found in RAGapp up to 0.1.5. Affected is the function FileHandler.uploadfile/FileHandler.removefile of the file src/ragapp/backend/controllers/files.py of the component Knowledge File Handler. Such manipulation leads to path traversal. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.

Database specific
{
    "cwe_ids": [
        "CWE-22"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/13xxx/CVE-2026-13509.json",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "0.1.0"
                },
                {
                    "last_affected": "0.1.0"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/ragapp/ragapp

Affected ranges

Type
GIT
Repo
https://github.com/ragapp/ragapp
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "0.1.1"
        },
        {
            "last_affected": "0.1.1"
        },
        {
            "introduced": "0.1.2"
        },
        {
            "last_affected": "0.1.2"
        },
        {
            "introduced": "0.1.3"
        },
        {
            "last_affected": "0.1.3"
        },
        {
            "introduced": "0.1.4"
        },
        {
            "last_affected": "0.1.4"
        },
        {
            "introduced": "0.1.5"
        },
        {
            "last_affected": "0.1.5"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

0.*
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
v0.*
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-13509.json"