{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/nagaagent--5.1.0/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7784"}],"_cs_exploited":false,"_cs_products":["NagaAgent (\u003c= 5.1.0)"],"_cs_severities":["medium"],"_cs_tags":["path-traversal","web-application","cve-2026-7784"],"_cs_type":"advisory","_cs_vendors":["RTGS2017"],"content_html":"\u003cp\u003eRTGS2017 NagaAgent, a software application, is susceptible to a path traversal vulnerability (CVE-2026-7784) affecting versions up to 5.1.0. The vulnerability lies within the Skills Endpoint, specifically during the processing of the \u003ccode\u003eName\u003c/code\u003e argument in the \u003ccode\u003eapiserver/routes/extensions.py\u003c/code\u003e file. An attacker can remotely exploit this flaw to gain unauthorized access to files and directories on the system. A public exploit is available, increasing the risk of exploitation. The vendor has been notified, but has yet to respond to the vulnerability report. 
This lack of response raises concern, since the vulnerability has been publicly disclosed.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable RTGS2017 NagaAgent instance running version 5.1.0 or earlier.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the Skills Endpoint.\u003c/li\u003e\n\u003cli\u003eThe malicious request includes a \u003ccode\u003eName\u003c/code\u003e argument with path traversal characters (e.g., \u003ccode\u003e../\u003c/code\u003e, \u003ccode\u003e..\\\\\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe application fails to properly sanitize the \u003ccode\u003eName\u003c/code\u003e argument before using it to construct a file path.\u003c/li\u003e\n\u003cli\u003eThe application attempts to access a file or directory outside of the intended base directory.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to sensitive files or directories on the server, potentially including configuration files or user data.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the exposed information to further compromise the system or network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this path traversal vulnerability allows attackers to read arbitrary files on the affected system. This can lead to the exposure of sensitive information such as configuration files, credentials, or user data. An attacker could potentially leverage this access to escalate privileges, move laterally within the network, or cause denial of service. 
The full scope of impact depends on the specific files and directories that are accessible to the attacker.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade RTGS2017 NagaAgent to a patched version that addresses CVE-2026-7784 (if a patch becomes available).\u003c/li\u003e\n\u003cli\u003eImplement input validation on the \u003ccode\u003eName\u003c/code\u003e argument within the Skills Endpoint to prevent path traversal attacks.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect RTGS2017 NagaAgent Path Traversal Attempt\u0026rdquo; to identify exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests containing path traversal sequences targeting the Skills Endpoint (handled in \u003ccode\u003eapiserver/routes/extensions.py\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-05T00:16:17Z","date_published":"2026-05-05T00:16:17Z","id":"/briefs/2026-05-nagaagent-path-traversal/","summary":"RTGS2017 NagaAgent up to version 5.1.0 is vulnerable to path traversal via manipulation of the 'Name' argument in the Skills Endpoint, potentially leading to unauthorized file access.","title":"RTGS2017 NagaAgent Path Traversal Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-nagaagent-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — NagaAgent (\u003c= 5.1.0)","version":"https://jsonfeed.org/version/1.1"}