Zero Day MonitorZDM

← Back to list

8.8

CVE-2026-39981PATCHED

pypa · agixt

AGiXT has a Path Traversal in safe_join()

Description

AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or delete arbitrary files on the server hosting the AGiXT instance. This vulnerability is fixed in 1.9.2.

Affected Products

Vendor	Product	Versions
pypa	agixt	pip/agixt: <= 1.9.1

References

https://github.com/Josh-XT/AGiXT/security/advisories/GHSA-5gfj-64gh-mgmw(x_refsource_CONFIRM)
https://github.com/Josh-XT/AGiXT/commit/2079ea5a88fa671a921bf0b5eba887a5a1b73d5f(x_refsource_MISC)
https://github.com/Josh-XT/AGiXT/releases/tag/v1.9.2(x_refsource_MISC)

Related News (1 articles)

Tier C

VulDB6h ago

CVE-2026-39981 | Josh-XT AGiXT up to 1.9.1 safe_join path traversal

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

agixt@1.9.2

CWECWE-22

PublishedApr 8, 2026

Last enriched6h agov2

Tags

GHSA-5gfj-64gh-mgmwpip

Trending Score27

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-39987EXPKEV

marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass

HIGHCVE-2026-40087EXP

LangChain has incomplete f-string validation in prompt templates

HIGHCVE-2026-34824

Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service

MEDIUMCVE-2026-34052

LTI JupyterHub Authenticator: Unbounded Memory Growth via Nonce Storage (Denial of Service)

HIGHCVE-2024-49048

TorchGeo Remote Code Execution Vulnerability

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 8, 2026

Discovered by ZDM

Apr 9, 2026

Patch Available

Apr 9, 2026

Updated: severity

Apr 9, 2026

Version History

v2

Last enriched 6h ago

v2Tier C6h ago

Updated severity to CRITICAL and noted that there is no available exploit.

severity

via VulDB

v19h ago

Initial creation