TransformerOptimus SuperAGI Path Traversal Vulnerability
A path traversal vulnerability (CVE-2026-6615) exists in TransformerOptimus SuperAGI version 0.0.14, allowing remote attackers to read or write arbitrary files via manipulation of the 'Name' argument in the Multipart Upload Handler component.
TransformerOptimus SuperAGI version 0.0.14 is vulnerable to a path traversal vulnerability (CVE-2026-6615) in the Multipart Upload Handler component, specifically affecting the Upload function within the superagi/controllers/resources.py file. This vulnerability allows a remote attacker to manipulate the Name argument to read or write files outside of the intended directory. The vulnerability has been publicly disclosed, and proof-of-concept exploit code is available, increasing the risk of widespread exploitation. The vendor was contacted about the vulnerability but did not respond, suggesting that a patch may not be immediately available. This vulnerability poses a significant risk to systems running affected versions of SuperAGI.
Attack Chain
- The attacker identifies a vulnerable SuperAGI instance running version 0.0.14.
- The attacker crafts a malicious HTTP request targeting the Multipart Upload Handler.
- Within the request, the attacker manipulates the
Nameargument with a path traversal payload, such as../../../../etc/passwd. - The SuperAGI application processes the request without proper sanitization of the
Nameargument. - The application attempts to write or read a file to the path specified in the manipulated
Nameargument. - Due to the path traversal vulnerability, the attacker can read sensitive files, such as configuration files or system files.
- Alternatively, the attacker can overwrite existing files or create new files in arbitrary locations, potentially leading to code execution.
- The attacker leverages the ability to read/write arbitrary files to compromise the SuperAGI instance or the underlying system.
Impact
Successful exploitation of this path traversal vulnerability (CVE-2026-6615) can allow attackers to read sensitive files from the SuperAGI server, potentially exposing credentials, API keys, or other confidential information. Attackers can also overwrite critical system files or upload malicious code, leading to arbitrary code execution and complete system compromise. Given the nature of SuperAGI as an AI automation platform, a successful attack could result in the theft or manipulation of sensitive data processed by the platform, as well as the deployment of malicious AI models.
Recommendation
- Monitor web server logs for suspicious requests containing path traversal sequences (e.g.,
../,../../) in thecs-uri-queryandcs-uri-stemfields, particularly targeting thesuperagi/controllers/resources.pyendpoint, using the Sigma rule provided below. - Inspect file creation events for files created outside of the expected SuperAGI upload directory, especially if the process creating the files originates from the web server. Use the file creation Sigma rule.
- Implement input validation and sanitization for the
Nameargument in the Multipart Upload Handler to prevent path traversal attacks. Consider using a whitelist approach to restrict allowed characters and paths. - Since a patch is not available, consider deploying a web application firewall (WAF) rule to block requests containing path traversal attempts targeting the vulnerable endpoint.
- Monitor network traffic for connections originating from the SuperAGI server to unusual or suspicious IP addresses, which could indicate post-exploitation activity.
Detection coverage 2
Detect SuperAGI Path Traversal Attempt via Web Logs
highDetects potential path traversal attempts against the SuperAGI Multipart Upload Handler by analyzing web server logs for suspicious URI queries.
Detect Suspicious File Creation by Web Server (SuperAGI)
mediumDetects creation of files outside the expected upload directory by the web server process, potentially indicating path traversal exploitation in SuperAGI.
Detection queries are available on the platform. Get full rules →