← volver
CVE-2026-8770

continuedev continue JSON-RPC Server lsTool.ts lsTool path traversal

CVSS 4.8 MEDIUMEPSS 0.3%CWE-22
Vexday Risk Score
33Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Prueba de concepto
Existe prueba de concepto pública, pero aún no automatizada.
CVSS 4.8EPSS 0.3%KEV nãoPoC públicaNuclei Metasploit Patch
Ciclo de vida
17 may 2026Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Productos afectados
continuedev · continue
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.