PYSEC-2026-1265

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/composio-core/PYSEC-2026-1265.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1265
Aliases
Published
2026-07-07T14:34:41.353705Z
Modified
2026-07-07T17:47:11.973042724Z
Severity
  • 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
  • 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
Summary
Composio Path Traversal vulnerability
Details

A vulnerability was found in composiohq composio up to 0.5.8 and classified as problematic. Affected by this issue is the function path of the file composio\server\api.py. The manipulation of the argument file leads to path traversal. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

PyPI / composio-core

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.5.8

Affected versions

0.*
0.1.82
0.1.83
0.1.84
0.1.87
0.1.88
0.1.89
0.1.90
0.1.91
0.1.92
0.1.93
0.1.94
0.1.95
0.1.96
0.1.97
0.1.98
0.1.99
0.1.100
0.1.101
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9
0.2.10
0.2.11
0.2.12
0.2.14
0.2.15
0.2.16
0.2.17
0.2.18
0.2.19
0.2.20
0.2.21
0.2.22
0.2.32
0.2.33
0.2.34
0.2.35
0.2.36rc1
0.2.36rc2
0.2.36
0.2.37
0.2.38
0.2.39
0.2.40
0.2.41
0.2.44
0.2.46
0.2.47
0.2.48
0.2.49
0.2.50
0.2.51
0.2.52
0.2.54
0.2.55
0.2.56
0.2.59
0.2.60
0.2.63
0.2.64
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.9rc1
0.3.9rc2
0.3.9rc3
0.3.9rc4
0.3.9
0.3.10
0.3.11
0.3.12
0.3.13
0.3.14
0.3.15
0.3.16
0.3.17
0.3.18rc0
0.3.18rc1
0.3.18rc2
0.3.18
0.3.19
0.3.20rc0
0.3.20rc1
0.3.20
0.3.22
0.3.23rc0
0.3.23
0.3.24
0.3.25
0.3.26
0.3.27
0.3.28
0.3.29
0.3.30
0.4.0
0.4.1
0.4.2rc1
0.4.2rc2
0.4.2
0.4.3
0.4.4
0.4.5rc0
0.4.5rc1
0.4.5
0.5.0rc0
0.5.0rc1
0.5.0rc2
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/composio-core/PYSEC-2026-1265.yaml"