CVE-2026-58173

Source
https://cve.org/CVERecord?id=CVE-2026-58173
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-58173.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-58173
Published
2026-06-30T15:55:29.117Z
Modified
2026-07-16T03:31:11.464868112Z
Severity
  • 6.0 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Vibe-Trading < 0.1.10 - Path Traversal via Persistent Memory Type
Details

Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memorytype value containing path traversal sequences through the remember tool. Attackers can manipulate the memorytype parameter in the persistent memory store to cause the application to write arbitrary Markdown files to unintended locations on the filesystem.

Database specific
{
    "cwe_ids": [
        "CWE-22"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/58xxx/CVE-2026-58173.json",
    "cna_assigner": "VulnCheck"
}
References

Affected packages

Git / github.com/hkuds/vibe-trading

Affected ranges

Type
GIT
Repo
https://github.com/hkuds/vibe-trading
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.1.10"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "DESCRIPTION",
        "REFERENCES"
    ]
}

Affected versions

v0.*
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-58173.json"