InstructLab Path Traversal Vulnerability (CVE-2026-6855)
A local attacker can exploit a path traversal vulnerability in InstructLab by manipulating the `logs_dir` parameter, leading to arbitrary file creation and modification.
CVE-2026-6855 describes a path traversal vulnerability found in InstructLab, a tool or platform that allows for interactive instruction or learning sessions. A local attacker can exploit this vulnerability by manipulating the `logs_dir` parameter within the chat session handler. This manipulation bypasses the intended directory restrictions, letting the attacker create new directories and write files to arbitrary locations on the affected system. The vulnerability was…
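A containment check of the kind that stops a user-supplied `logs_dir` from leaving its intended base directory, shown as an added example; it is not InstructLab's code or its fix. The function names, directory layout and sample values are hypothetical and constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


class UnsafeLogsDir(ValueError):
    """Raised when a requested logs directory escapes the allowed base."""


def resolve_logs_dir(base: Path, logs_dir: str) -> Path:
    """Return the resolved logs directory, or raise if it is outside `base`."""
    base_real = base.resolve(strict=True)
    # resolve() collapses ".." and follows symlinks that already exist, so
    # the containment test runs on the path the OS would actually use.
    # An absolute logs_dir replaces base_real in the join and fails below.
    candidate = (base_real / logs_dir).resolve()
    if candidate != base_real and base_real not in candidate.parents:
        raise UnsafeLogsDir(f"logs_dir escapes {base_real}: {logs_dir!r}")
    return candidate


def write_chat_log(base: Path, logs_dir: str, name: str, text: str) -> Path:
    """Append `text` to base/logs_dir/name after validating both parts."""
    if Path(name).name != name or name in ("", ".", ".."):
        raise UnsafeLogsDir(f"log file name must be a bare name: {name!r}")
    target_dir = resolve_logs_dir(base, logs_dir)
    target_dir.mkdir(parents=True, exist_ok=True)
    target = target_dir / name
    # O_NOFOLLOW refuses a symlink planted at the final path component.
    flags = os.O_WRONLY | os.O_CREAT | os.O_APPEND | os.O_NOFOLLOW
    with os.fdopen(os.open(target, flags, 0o600), "a", encoding="utf-8") as fh:
        fh.write(text)
    return target


def check_samples() -> dict:
    """Run constructed logs_dir values through the check; True = accepted."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "data"
        base.mkdir()
        os.symlink(tmp, base / "link")  # constructed symlink leading out of base
        for sample in ("chatlogs", "a/../b", "../escape", "/tmp/abs", "link/out"):
            try:
                results[sample] = bool(resolve_logs_dir(base, sample))
            except UnsafeLogsDir:
                results[sample] = False
    return results
```

The check and the later `mkdir` are separate steps, so the base directory itself should not be writable by untrusted local users.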
Detection coverage (2 rules)
Detect Suspicious Directory Creation with Path Traversal
Severity: high. Detects attempts to create directories with path traversal sequences (`../`), which could indicate exploitation of CVE-2026-6855.
Detect File Writes in Unusual Locations via InstructLab
Severity: medium. Detects file writes in unusual system locations originating from the InstructLab process, suggesting successful exploitation of CVE-2026-6855.
Detection queries are kept inside the platform.