{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-6855/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2026-6855"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["path-traversal","instructlab","cve-2026-6855"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-6855 describes a path traversal vulnerability found in InstructLab, a tool or platform that allows for interactive instruction or learning sessions. A local attacker can exploit this vulnerability by manipulating the \u003ccode\u003elogs_dir\u003c/code\u003e parameter within the chat session handler. This manipulation allows the attacker to bypass intended directory restrictions and gain the ability to create new directories and write files to arbitrary locations on the affected system. The vulnerability was…\u003c/p\u003e\n","date_modified":"2026-04-22T13:16:22Z","date_published":"2026-04-22T13:16:22Z","id":"/briefs/2026-04-instructlab-path-traversal/","summary":"A local attacker can exploit a path traversal vulnerability in InstructLab by manipulating the `logs_dir` parameter, leading to arbitrary file creation and modification.","title":"InstructLab Path Traversal Vulnerability (CVE-2026-6855)","url":"https://feed.craftedsignal.io/briefs/2026-04-instructlab-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-6855","version":"https://jsonfeed.org/version/1.1"}