https://feed.craftedsignal.io/tags/cve-2026-6855/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioWed, 22 Apr 2026 13:16:22 +0000https://feed.craftedsignal.io/briefs/2026-04-instructlab-path-traversal/Wed, 22 Apr 2026 13:16:22 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-04-instructlab-path-traversal/A local attacker can exploit a path traversal vulnerability in InstructLab by manipulating the `logs_dir` parameter, leading to arbitrary file creation and modification.<p>CVE-2026-6855 describes a path traversal vulnerability found in InstructLab, a tool or platform that allows for interactive instruction or learning sessions. A local attacker can exploit this vulnerability by manipulating the <code>logs_dir</code> parameter within the chat session handler. This manipulation allows the attacker to bypass intended directory restrictions and gain the ability to create new directories and write files to arbitrary locations on the affected system. The vulnerability was…</p> highadvisorypath-traversalinstructlabcve-2026-6855