{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/file-write/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":6.5,"id":"CVE-2026-34978"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["path traversal","cups","cve-2026-34978","file write"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-34978 is a path traversal vulnerability affecting OpenPrinting CUPS, a modular printing system that allows a computer to act as a print server. The vulnerability exists within the RSS notify-recipient-uri functionality, which improperly validates file paths. By crafting a malicious URI, an attacker can write files outside the intended CacheDir/rss directory. This can lead to the overwriting of critical system files, such as job.cache, potentially disrupting print services and, in some scenarios, leading to arbitrary code execution. 
This vulnerability was disclosed by Microsoft and requires immediate attention from system administrators to prevent potential exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious RSS notify-recipient-uri containing a path traversal sequence (e.g., \u0026ldquo;../\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eThe crafted URI is submitted to the CUPS server through a print job request or a configuration setting.\u003c/li\u003e\n\u003cli\u003eCUPS processes the URI and attempts to write a file to the specified location.\u003c/li\u003e\n\u003cli\u003eDue to the path traversal vulnerability, the file is written outside the intended CacheDir/rss directory.\u003c/li\u003e\n\u003cli\u003eThe attacker overwrites a critical file, such as job.cache, with malicious content.\u003c/li\u003e\n\u003cli\u003eThe CUPS server attempts to access the overwritten file.\u003c/li\u003e\n\u003cli\u003eIf job.cache is successfully overwritten, the attacker can gain control of the print queue or cause a denial of service by corrupting the print system\u0026rsquo;s state.\u003c/li\u003e\n\u003cli\u003eIn a more advanced scenario, the attacker could potentially achieve arbitrary code execution by overwriting other binaries or configuration files.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-34978 can lead to denial of service by corrupting the printing system state. By overwriting critical CUPS files, an attacker can disrupt printing services. In more critical scenarios, the vulnerability could be leveraged to achieve arbitrary code execution, potentially allowing the attacker to gain complete control over the affected system. 
The scope of the impact is dependent on the permissions of the CUPS process and the specific files that are overwritten.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security patch provided by OpenPrinting to address CVE-2026-34978.\u003c/li\u003e\n\u003cli\u003eMonitor CUPS server logs for suspicious activity related to file writes outside the CacheDir/rss directory. Consider deploying the provided Sigma rule \u003ccode\u003eDetect CUPS Path Traversal File Write\u003c/code\u003e to identify such attempts.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation on any user-supplied data that is used to construct file paths within CUPS.\u003c/li\u003e\n\u003cli\u003eRegularly review and audit CUPS configuration settings to ensure that they are secure and do not allow for path traversal vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-30T08:46:41Z","date_published":"2026-04-30T08:46:41Z","id":"/briefs/2026-05-cups-path-traversal/","summary":"CVE-2026-34978 is a path traversal vulnerability in OpenPrinting CUPS that allows writing files outside the CacheDir/rss directory, potentially overwriting the job.cache file.","title":"OpenPrinting CUPS Path Traversal Vulnerability (CVE-2026-34978)","url":"https://feed.craftedsignal.io/briefs/2026-05-cups-path-traversal/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-41364"}],"_cs_exploited":false,"_cs_products":["OpenClaw"],"_cs_severities":["high"],"_cs_tags":["symlink","file-write","sandbox-escape"],"_cs_type":"advisory","_cs_vendors":["OpenClaw"],"content_html":"\u003cp\u003eOpenClaw versions before 2026.3.31 are vulnerable to a symlink following issue within the SSH sandbox tar upload functionality. This vulnerability, identified as CVE-2026-41364, allows a remote attacker with the ability to upload tar archives to the OpenClaw instance to potentially escape the intended sandbox environment. 
By crafting a malicious tar archive containing carefully constructed symbolic links, an attacker can overwrite arbitrary files on the remote host, leading to a compromise of the system\u0026rsquo;s integrity. This vulnerability was reported and patched in version 2026.3.31. Defenders need to ensure they are running patched versions to mitigate the risk of exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker authenticates to the OpenClaw instance via SSH, gaining access to the restricted sandbox environment.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious tar archive containing symbolic links pointing outside the intended sandbox directory. These symlinks are designed to target specific files or directories on the host system that the attacker wishes to overwrite.\u003c/li\u003e\n\u003cli\u003eAttacker uploads the malicious tar archive to the OpenClaw instance using the SSH sandbox tar upload functionality.\u003c/li\u003e\n\u003cli\u003eOpenClaw extracts the contents of the uploaded tar archive without properly validating or restricting the target paths of the symbolic links.\u003c/li\u003e\n\u003cli\u003eDuring extraction, the symbolic links are followed, causing files to be written outside the intended sandbox directory.\u003c/li\u003e\n\u003cli\u003eThe attacker overwrites arbitrary files on the remote host with attacker-controlled content.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution or persistence by overwriting critical system files or configuration files.\u003c/li\u003e\n\u003cli\u003eThe attacker escalates privileges by modifying binaries used by privileged users.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a remote attacker with low privileges to write arbitrary files on the OpenClaw server. 
This can lead to a variety of impacts, including arbitrary code execution, privilege escalation, and denial of service. An attacker could potentially gain complete control over the OpenClaw server by overwriting critical system files. Given the potential for complete system compromise, this vulnerability poses a significant risk to organizations using affected versions of OpenClaw.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade OpenClaw to version 2026.3.31 or later to patch CVE-2026-41364.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious Tar Archive Upload with Symlinks\u0026rdquo; to detect attempts to upload malicious tar archives containing symbolic links.\u003c/li\u003e\n\u003cli\u003eMonitor SSH logs for suspicious activity related to tar archive uploads to the OpenClaw instance.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-28T00:16:25Z","date_published":"2026-04-28T00:16:25Z","id":"/briefs/2026-04-openclaw-symlink/","summary":"OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files by uploading a malicious tar archive containing symlinks, leading to arbitrary file write on the remote host.","title":"OpenClaw Symlink Vulnerability in SSH Sandbox Tar Upload (CVE-2026-41364)","url":"https://feed.craftedsignal.io/briefs/2026-04-openclaw-symlink/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2026-40518"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["path-traversal","file-write","bytedance","deerflow"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eByteDance DeerFlow, a software of unknown purpose, prior to commit 2176b2b, is vulnerable to path traversal and arbitrary file write. 
The vulnerability lies within the bootstrap-mode custom-agent creation process, specifically due to insufficient validation of the agent name. This flaw allows attackers to bypass intended directory restrictions and write files to arbitrary locations on the system, provided they have the necessary filesystem permissions. The vulnerability was reported on April 17, 2026 and has been assigned CVE-2026-40518. Exploitation of this vulnerability could lead to privilege escalation and system compromise. Defenders should prioritize patching or mitigating this vulnerability to prevent unauthorized file modifications.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains low-privileged access to the DeerFlow application.\u003c/li\u003e\n\u003cli\u003eAttacker initiates the creation of a custom agent in bootstrap mode.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious agent name containing path traversal sequences (e.g., \u0026ldquo;../\u0026rdquo;, absolute paths).\u003c/li\u003e\n\u003cli\u003eThe DeerFlow application fails to properly validate the agent name.\u003c/li\u003e\n\u003cli\u003eThe application uses the attacker-supplied agent name to create directories.\u003c/li\u003e\n\u003cli\u003eThe path traversal in the agent name allows the application to create directories outside the intended custom-agent directory.\u003c/li\u003e\n\u003cli\u003eThe attacker uploads files as part of the custom agent creation.\u003c/li\u003e\n\u003cli\u003eThe application writes these files to the attacker-controlled location, resulting in arbitrary file write.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows attackers to write arbitrary files to the file system, potentially overwriting system files or planting malicious executables. 
This could lead to privilege escalation, arbitrary code execution, and complete system compromise. While the number of affected installations is unknown, any system running a vulnerable version of ByteDance DeerFlow is susceptible to this attack. The severity is compounded by the ease of exploitation, requiring only low-privileged access.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch or upgrade to a version of ByteDance DeerFlow that includes commit 2176b2b to remediate the vulnerability referenced by CVE-2026-40518.\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u003ccode\u003eDetect Suspicious DeerFlow Agent Creation\u003c/code\u003e to detect exploitation attempts targeting CVE-2026-40518 by monitoring process creation events.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual activity related to custom agent creation endpoints in DeerFlow to detect potential exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-17T17:17:09Z","date_published":"2026-04-17T17:17:09Z","id":"/briefs/2026-04-deerflow-path-traversal/","summary":"ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed, allowing attackers to write files outside the intended custom-agent directory.","title":"ByteDance DeerFlow Path Traversal and Arbitrary File Write Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-deerflow-path-traversal/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2026-40163"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["saltcorn","file-write","vulnerability"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eSaltcorn, a no-code database application builder, is vulnerable to an unauthenticated arbitrary file write vulnerability. 
Specifically, versions prior to 1.4.5, 1.5.5, and 1.6.0-beta.4 are affected. An attacker can leverage the POST \u003ccode\u003e/sync/offline_changes\u003c/code\u003e endpoint to create arbitrary directories and write a \u003ccode\u003echanges.json\u003c/code\u003e file with attacker-controlled content anywhere on the server\u0026rsquo;s filesystem. Subsequently, the GET \u003ccode\u003e/sync/upload_finished\u003c/code\u003e endpoint allows an unauthenticated attacker to list directory contents and read specific JSON files. This combination of actions allows for complete control of the application, potentially leading to remote code execution. This vulnerability is resolved in Saltcorn versions 1.4.5, 1.5.5, and 1.6.0-beta.4.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker sends a POST request to the \u003ccode\u003e/sync/offline_changes\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThis POST request includes crafted JSON content intended to be written to a \u003ccode\u003echanges.json\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003eThe server creates arbitrary directories based on the attacker\u0026rsquo;s specifications within the POST request.\u003c/li\u003e\n\u003cli\u003eThe server writes the attacker-supplied JSON content to the \u003ccode\u003echanges.json\u003c/code\u003e file in the created directory.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a GET request to the \u003ccode\u003e/sync/upload_finished\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe GET request specifies the directory the attacker previously created.\u003c/li\u003e\n\u003cli\u003eThe server lists the contents of the specified directory, including the \u003ccode\u003echanges.json\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003eThe attacker reads the contents of the \u003ccode\u003echanges.json\u003c/code\u003e file. 
Successful exploitation allows arbitrary file creation, directory listing, and reading of file contents.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an unauthenticated attacker to write arbitrary files and list directory contents on the Saltcorn server. This can lead to complete compromise of the application, including remote code execution, data theft, and denial of service. Given that Saltcorn is used in various sectors to build database applications, the potential impact is significant across multiple industries.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Saltcorn to version 1.4.5, 1.5.5, or 1.6.0-beta.4 or later to patch CVE-2026-40163.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Saltcorn Offline Changes Endpoint Abuse\u003c/code\u003e to detect suspicious POST requests to the \u003ccode\u003e/sync/offline_changes\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Saltcorn Upload Finished Endpoint Abuse\u003c/code\u003e to detect suspicious GET requests to the \u003ccode\u003e/sync/upload_finished\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unexpected POST requests to \u003ccode\u003e/sync/offline_changes\u003c/code\u003e and GET requests to \u003ccode\u003e/sync/upload_finished\u003c/code\u003e (webserver log source).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-11T12:00:00Z","date_published":"2026-04-11T12:00:00Z","id":"/briefs/2026-04-saltcorn-file-write/","summary":"Unauthenticated attackers can exploit a vulnerability in Saltcorn versions prior to 1.4.5, 1.5.5, and 1.6.0-beta.4 to write arbitrary files and list directory contents on the server.","title":"Unauthenticated Arbitrary File Write in 
Saltcorn","url":"https://feed.craftedsignal.io/briefs/2026-04-saltcorn-file-write/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2026-40162"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-40162","file-write","authentication"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eBugSink, a self-hosted error tracking tool, is susceptible to an authenticated file write vulnerability in version 2.1.0. This vulnerability, identified as CVE-2026-40162, allows an attacker with a valid authentication token to write attacker-controlled content to a filesystem location writable by the BugSink process. The flaw resides in the artifact bundle assembly flow. Successful exploitation could allow an attacker to achieve arbitrary code execution on the BugSink server or compromise sensitive data. Organizations using BugSink 2.1.0 are vulnerable and should upgrade to version 2.1.1 to remediate the issue. This poses a risk to the confidentiality, integrity, and availability of the BugSink server and the data it manages.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker obtains valid authentication token for BugSink 2.1.0 through legitimate means (e.g., compromised user credentials) or by exploiting another vulnerability.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious artifact bundle containing attacker-controlled content.\u003c/li\u003e\n\u003cli\u003eAttacker sends a request to the BugSink server to assemble an artifact bundle, including the malicious content, using the valid authentication token.\u003c/li\u003e\n\u003cli\u003eBugSink server, running version 2.1.0, processes the request without proper validation of the artifact bundle contents.\u003c/li\u003e\n\u003cli\u003eThe server writes the attacker-controlled content to a filesystem location writable by the BugSink process. 
This could overwrite existing files or create new ones.\u003c/li\u003e\n\u003cli\u003eIf the attacker overwrites critical configuration files or injects malicious code into executable files, they may achieve code execution.\u003c/li\u003e\n\u003cli\u003eAttacker establishes a reverse shell or uses other methods to gain remote access to the BugSink server.\u003c/li\u003e\n\u003cli\u003eAttacker performs further actions such as data exfiltration, lateral movement, or denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could allow an attacker to achieve arbitrary code execution on the BugSink server, potentially leading to complete system compromise. Attackers could exfiltrate sensitive data, modify existing data, or use the compromised server to launch attacks against other systems. The vulnerability affects any BugSink 2.1.0 installation with a user who has a valid authentication token, and it requires an upgrade to version 2.1.1 to remediate.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade BugSink to version 2.1.1 immediately to patch CVE-2026-40162, as per the vendor\u0026rsquo;s advisory.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual POST requests to the artifact bundle assembly endpoints, which may indicate exploitation attempts. 
Deploy the Sigma rule \u003ccode\u003eDetect Suspicious BugSink File Write\u003c/code\u003e to your SIEM.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization for all user-supplied data processed by BugSink, to prevent similar file write vulnerabilities in the future.\u003c/li\u003e\n\u003cli\u003eReview and enforce least privilege access controls on the BugSink server, limiting the write access of the BugSink process to only the necessary files and directories.\u003c/li\u003e\n\u003cli\u003eMonitor file system events for unexpected file creations or modifications within the BugSink installation directory.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-11T12:00:00Z","date_published":"2026-04-11T12:00:00Z","id":"/briefs/2026-04-bugsink-file-write/","summary":"BugSink 2.1.0 is vulnerable to an authenticated file write vulnerability (CVE-2026-40162) allowing an attacker with a valid authentication token to write arbitrary content to the filesystem, potentially leading to code execution or data compromise.","title":"BugSink Authenticated File Write Vulnerability (CVE-2026-40162)","url":"https://feed.craftedsignal.io/briefs/2026-04-bugsink-file-write/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-22661"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["path-traversal","file-write","code-execution","cve-2026-22661","prompts.chat","linux"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eprompts.chat, a software application, is vulnerable to a path traversal attack (CVE-2026-22661) in versions prior to commit 0f8d4c3. This vulnerability stems from insufficient server-side validation of filenames within skill file archives. A remote attacker can exploit this by crafting malicious ZIP archives that contain filenames with path traversal sequences (e.g., ../). 
When a vulnerable prompts.chat instance extracts these archives, the lack of proper sanitization allows the attacker to write files to arbitrary locations on the file system, potentially overwriting critical system files and achieving arbitrary code execution. This poses a significant risk to system integrity and confidentiality.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious ZIP archive containing a specially crafted skill file.\u003c/li\u003e\n\u003cli\u003eThe filenames within the ZIP archive include path traversal sequences such as \u003ccode\u003e../\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker uploads the malicious ZIP archive to the prompts.chat application.\u003c/li\u003e\n\u003cli\u003eprompts.chat processes the uploaded ZIP archive without properly sanitizing the filenames.\u003c/li\u003e\n\u003cli\u003eThe application extracts the contents of the ZIP archive, writing files to locations specified in the malicious filenames.\u003c/li\u003e\n\u003cli\u003ePath traversal sequences in the filenames allow the attacker to write files outside the intended extraction directory.\u003c/li\u003e\n\u003cli\u003eThe attacker overwrites shell initialization files (e.g., \u003ccode\u003e.bashrc\u003c/code\u003e, \u003ccode\u003e.profile\u003c/code\u003e, \u003ccode\u003e.bash_profile\u003c/code\u003e) or other executable files.\u003c/li\u003e\n\u003cli\u003eWhen a user logs in or a new shell is spawned, the overwritten initialization file executes malicious code, granting the attacker arbitrary code execution on the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-22661 allows an attacker to write arbitrary files to the client system, leading to potential overwrite of sensitive system files and arbitrary code execution. 
The vulnerability affects systems running vulnerable versions of prompts.chat. The impact includes complete compromise of the system, data theft, and further propagation of malicious activities.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch by upgrading to commit 0f8d4c3 or later to remediate CVE-2026-22661.\u003c/li\u003e\n\u003cli\u003eImplement server-side filename validation and sanitization to prevent path traversal attacks when handling ZIP archives within prompts.chat.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided in this brief to your SIEM to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests containing path traversal sequences in filenames as identified by the provided rules.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-04T12:00:00Z","date_published":"2026-04-04T12:00:00Z","id":"/briefs/2026-04-prompts-chat-traversal/","summary":"A path traversal vulnerability exists in prompts.chat prior to commit 0f8d4c3, allowing attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames.","title":"prompts.chat Path Traversal Vulnerability (CVE-2026-22661)","url":"https://feed.craftedsignal.io/briefs/2026-04-prompts-chat-traversal/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["path-traversal","file-write","privilege-escalation","persistence"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe \u003ccode\u003e@mobilenext/mobile-mcp\u003c/code\u003e npm package, versions prior to 0.0.49, contains a critical path traversal vulnerability. This flaw stems from the \u003ccode\u003emobile_save_screenshot\u003c/code\u003e and \u003ccode\u003emobile_start_screen_recording\u003c/code\u003e tools which improperly handle user-supplied paths. 
Specifically, the \u003ccode\u003esaveTo\u003c/code\u003e parameter in \u003ccode\u003emobile_save_screenshot\u003c/code\u003e and the \u003ccode\u003eoutput\u003c/code\u003e parameter in \u003ccode\u003emobile_start_screen_recording\u003c/code\u003e are passed directly to filesystem write operations without adequate validation. This oversight enables a malicious actor to write arbitrary files to locations outside of the intended workspace. A successful exploit of this vulnerability allows for the potential overwriting of sensitive system files, enabling privilege escalation and persistence on the host system.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains control over the \u003ccode\u003esaveTo\u003c/code\u003e or \u003ccode\u003eoutput\u003c/code\u003e parameter of the vulnerable functions. This could be achieved through a malicious application, supply chain attack, or other means of code injection.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a path containing traversal sequences (e.g., \u003ccode\u003e../\u003c/code\u003e) designed to navigate outside of the intended save directory.\u003c/li\u003e\n\u003cli\u003eThe attacker calls the \u003ccode\u003emobile_save_screenshot\u003c/code\u003e or \u003ccode\u003emobile_start_screen_recording\u003c/code\u003e tool with the manipulated path as the \u003ccode\u003esaveTo\u003c/code\u003e or \u003ccode\u003eoutput\u003c/code\u003e parameter, respectively.\u003c/li\u003e\n\u003cli\u003eThe vulnerable function passes the attacker-controlled path to \u003ccode\u003efs.writeFileSync()\u003c/code\u003e without validation.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003efs.writeFileSync()\u003c/code\u003e writes the screenshot or screen recording data to the attacker-specified path.\u003c/li\u003e\n\u003cli\u003eIf the path leads to a sensitive system file (e.g., \u003ccode\u003e~/.bashrc\u003c/code\u003e, 
\u003ccode\u003e~/.ssh/authorized_keys\u003c/code\u003e), it is overwritten with the contents of the screenshot or screen recording.\u003c/li\u003e\n\u003cli\u003eThe attacker can overwrite configuration files or executables in order to achieve code execution.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves persistence and/or elevated privileges on the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this path traversal vulnerability can have severe consequences. An attacker can overwrite critical system files, such as shell configuration files (\u003ccode\u003e.bashrc\u003c/code\u003e, \u003ccode\u003e.zshrc\u003c/code\u003e), SSH authorized keys (\u003ccode\u003e.ssh/authorized_keys\u003c/code\u003e), or application configuration files. This can lead to arbitrary code execution, privilege escalation, and persistent backdoor access to the affected system. The reported impact includes potential for a broken shell and unauthorized access. All users of \u003ccode\u003e@mobilenext/mobile-mcp\u003c/code\u003e versions prior to 0.0.49 are vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to \u003ccode\u003e@mobilenext/mobile-mcp\u003c/code\u003e version 0.0.49 or later to remediate the vulnerability.\u003c/li\u003e\n\u003cli\u003eImplement robust input validation for all file paths used in file system operations. 
Specifically, validate the \u003ccode\u003esaveTo\u003c/code\u003e and \u003ccode\u003eoutput\u003c/code\u003e parameters of the \u003ccode\u003emobile_save_screenshot\u003c/code\u003e and \u003ccode\u003emobile_start_screen_recording\u003c/code\u003e functions.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Mobile-MCP Path Traversal Attempts\u0026rdquo; to your SIEM to detect attempts to exploit this vulnerability.\u003c/li\u003e\n\u003cli\u003eMonitor application logs for unusual file access patterns or attempts to write to sensitive system directories.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-27T19:13:17Z","date_published":"2026-03-27T19:13:17Z","id":"/briefs/2024-01-04-mobile-mcp-path-traversal/","summary":"The @mobilenext/mobile-mcp package before version 0.0.49 is vulnerable to a Path Traversal vulnerability in the mobile_save_screenshot and mobile_start_screen_recording tools where the `saveTo` and `output` parameters are passed directly to filesystem operations without validation, potentially allowing an attacker to write files outside the intended workspace, leading to privilege escalation and persistence by overwriting sensitive host files.","title":"@mobilenext/mobile-mcp Path Traversal Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-04-mobile-mcp-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — File-Write","version":"https://jsonfeed.org/version/1.1"}