Cyber Resilience

CVE-2026-29870

High

Published: 31 March 2026

Published
31 March 2026
Modified
01 April 2026
KEV Added
Patch
CVSS Score v3.1 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
EPSS Score 0.0013 32.2th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-29870 is a high-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 32.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-29870 is a directory traversal vulnerability (CWE-22) affecting the agentic-context-engine project in versions up to 0.7.1. The issue resides in the checkpoint_dir parameter passed to OfflineACE.run, where the save_to_file method in ace/skillbook.py does not properly normalize or validate filesystem paths. This flaw enables attackers to use traversal sequences to escape the intended checkpoint directory and perform arbitrary file writes on files accessible to the application process.

The vulnerability has a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L), indicating it is exploitable over the network with low complexity and requires only low privileges, without user interaction. An authenticated attacker with low privileges can leverage this to overwrite arbitrary files, potentially causing application corruption, privilege escalation, or code execution based on the deployment environment and permissions of the process.

For mitigation details, refer to the security advisory at https://github.com/lilmingwa13/security-research/blob/main/CVE-2026-29870.md, published on 2026-03-31.

EU & UK References

Vulnerability details

A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpoint_dir parameter in OfflineACE.run. The save_to_file method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to escape the…

more

intended checkpoint directory. This vulnerability allows attackers to overwrite arbitrary files accessible to the application process, potentially leading to application corruption, privilege escalation, or code execution depending on the deployment context.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Arbitrary file write via path traversal (CWE-22) on a remotely exploitable app directly enables T1190 (remote app exploitation), T1105 (writing/transferring files to disk), and T1068 (file overwrite for privilege escalation or code execution).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-62630Shared CWE-22
CVE-2025-60786Shared CWE-22
CVE-2025-27590Shared CWE-22
CVE-2026-41180Shared CWE-22
CVE-2025-12422Shared CWE-22
CVE-2026-7398Shared CWE-22
CVE-2026-39308Shared CWE-22
CVE-2026-42520Shared CWE-22
CVE-2026-32727Shared CWE-22
CVE-2026-40258Shared CWE-22

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation and normalization of filesystem path inputs like checkpoint_dir to prevent directory traversal and confine file writes to the intended checkpoint directory.

prevent

Mandates timely identification, reporting, and correction of the specific path validation flaw in ace/skillbook.py's save_to_file method to eliminate the vulnerability.

prevent

Employs least privilege for the application process to limit the scope and impact of arbitrary file writes to only authorized resources.

References