https://feed.craftedsignal.io/tags/file-write/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioThu, 30 Apr 2026 08:46:41 +0000https://feed.craftedsignal.io/briefs/2026-05-cups-path-traversal/Thu, 30 Apr 2026 08:46:41 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-cups-path-traversal/CVE-2026-34978 is a path traversal vulnerability in OpenPrinting CUPS that allows writing files outside the CacheDir/rss directory, potentially overwriting the job.cache file.CVE-2026-34978 is a path traversal vulnerability affecting OpenPrinting CUPS, a modular printing system that allows a computer to act as a print server. The vulnerability exists within the RSS notify-recipient-uri functionality, which improperly validates file paths. By crafting a malicious URI, an attacker can write files outside the intended CacheDir/rss directory. This can lead to the overwriting of critical system files, such as job.cache, potentially disrupting print services and, in some scenarios, leading to arbitrary code execution. This vulnerability was disclosed by Microsoft and requires immediate attention from system administrators to prevent potential exploitation.

Attack Chain

1. An attacker crafts a malicious RSS notify-recipient-uri containing a path traversal sequence (e.g., “../”).
2. The crafted URI is submitted to the CUPS server through a print job request or a configuration setting.
3. CUPS processes the URI and attempts to write a file to the specified location.
4. Due to the path traversal vulnerability, the file is written outside the intended CacheDir/rss directory.
5. The attacker overwrites a critical file, such as job.cache, with malicious content.
6. The CUPS server attempts to access the overwritten file.
7. If job.cache is successfully overwritten, the attacker can gain control of the print queue or cause a denial of service by corrupting the print system’s state.
8. In a more advanced scenario, the attacker could potentially achieve arbitrary code execution by overwriting other binaries or configuration files.

Impact

Successful exploitation of CVE-2026-34978 can lead to denial of service by corrupting the printing system state. By overwriting critical CUPS files, an attacker can disrupt printing services. In more critical scenarios, the vulnerability could be leveraged to achieve arbitrary code execution, potentially allowing the attacker to gain complete control over the affected system. The scope of the impact is dependent on the permissions of the CUPS process and the specific files that are overwritten.

Recommendation

• Apply the security patch provided by OpenPrinting to address CVE-2026-34978.
• Monitor CUPS server logs for suspicious activity related to file writes outside the CacheDir/rss directory. Consider deploying the provided Sigma rule Detect CUPS Path Traversal File Write to identify such attempts.
• Implement strict input validation on any user-supplied data that is used to construct file paths within CUPS.
• Regularly review and audit CUPS configuration settings to ensure that they are secure and do not allow for path traversal vulnerabilities.

]]>highadvisorypath traversalcupscve-2026-34978file writehttps://feed.craftedsignal.io/briefs/2026-04-openclaw-symlink/Tue, 28 Apr 2026 00:16:25 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-04-openclaw-symlink/OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files by uploading a malicious tar archive containing symlinks, leading to arbitrary file write on the remote host.OpenClaw versions before 2026.3.31 are vulnerable to a symlink following issue within the SSH sandbox tar upload functionality. This vulnerability, identified as CVE-2026-41364, allows a remote attacker with the ability to upload tar archives to the OpenClaw instance to potentially escape the intended sandbox environment. By crafting a malicious tar archive containing carefully constructed symbolic links, an attacker can overwrite arbitrary files on the remote host, leading to a compromise of the system’s integrity. This vulnerability was reported and patched in version 2026.3.31. Defenders need to ensure they are running patched versions to mitigate the risk of exploitation.

Attack Chain

1. Attacker authenticates to the OpenClaw instance via SSH, gaining access to the restricted sandbox environment.
2. Attacker crafts a malicious tar archive containing symbolic links pointing outside the intended sandbox directory. These symlinks are designed to target specific files or directories on the host system that the attacker wishes to overwrite.
3. Attacker uploads the malicious tar archive to the OpenClaw instance using the SSH sandbox tar upload functionality.
4. OpenClaw extracts the contents of the uploaded tar archive without properly validating or restricting the target paths of the symbolic links.
5. During extraction, the symbolic links are followed, causing files to be written outside the intended sandbox directory.
6. The attacker overwrites arbitrary files on the remote host with attacker-controlled content.
7. The attacker achieves arbitrary code execution or persistence by overwriting critical system files or configuration files.
8. The attacker escalates privileges by modifying binaries used by privileged users.

Impact

Successful exploitation of this vulnerability allows a remote attacker with low privileges to write arbitrary files on the OpenClaw server. This can lead to a variety of impacts, including arbitrary code execution, privilege escalation, and denial of service. An attacker could potentially gain complete control over the OpenClaw server by overwriting critical system files. Given the potential for complete system compromise, this vulnerability poses a significant risk to organizations using affected versions of OpenClaw.

Recommendation

• Upgrade OpenClaw to version 2026.3.31 or later to patch CVE-2026-41364.
• Deploy the Sigma rule “Detect Suspicious Tar Archive Upload with Symlinks” to detect attempts to upload malicious tar archives containing symbolic links.
• Monitor SSH logs for suspicious activity related to tar archive uploads to the OpenClaw instance.

]]>highadvisorysymlinkfile-writesandbox-escapehttps://feed.craftedsignal.io/briefs/2026-04-deerflow-path-traversal/Fri, 17 Apr 2026 17:17:09 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-04-deerflow-path-traversal/ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed, allowing attackers to write files outside the intended custom-agent directory.ByteDance DeerFlow, a software of unknown purpose, prior to commit 2176b2b, is vulnerable to path traversal and arbitrary file write. The vulnerability lies within the bootstrap-mode custom-agent creation process, specifically due to insufficient validation of the agent name. This flaw allows attackers to bypass intended directory restrictions and write files to arbitrary locations on the system, provided they have the necessary filesystem permissions. The vulnerability was reported on April 17, 2026 and has been assigned CVE-2026-40518. Exploitation of this vulnerability could lead to privilege escalation and system compromise. Defenders should prioritize patching or mitigating this vulnerability to prevent unauthorized file modifications.

Attack Chain

1. Attacker gains low-privileged access to the DeerFlow application.
2. Attacker initiates the creation of a custom agent in bootstrap mode.
3. The attacker crafts a malicious agent name containing path traversal sequences (e.g., “../”, absolute paths).
4. The DeerFlow application fails to properly validate the agent name.
5. The application uses the attacker-supplied agent name to create directories.
6. The path traversal in the agent name allows the application to create directories outside the intended custom-agent directory.
7. The attacker uploads files as part of the custom agent creation.
8. The application writes these files to the attacker-controlled location, resulting in arbitrary file write.

Impact

Successful exploitation of this vulnerability allows attackers to write arbitrary files to the file system, potentially overwriting system files or planting malicious executables. This could lead to privilege escalation, arbitrary code execution, and complete system compromise. While the number of affected installations is unknown, any system running a vulnerable version of ByteDance DeerFlow is susceptible to this attack. The severity is compounded by the ease of exploitation, requiring only low-privileged access.

Recommendation

• Apply the patch or upgrade to a version of ByteDance DeerFlow that includes commit 2176b2b to remediate the vulnerability referenced by CVE-2026-40518.
• Implement the Sigma rule Detect Suspicious DeerFlow Agent Creation to detect exploitation attempts targeting CVE-2026-40518 by monitoring process creation events.
• Monitor web server logs for unusual activity related to custom agent creation endpoints in DeerFlow to detect potential exploitation attempts.

]]>highadvisorypath-traversalfile-writebytedancedeerflowhttps://feed.craftedsignal.io/briefs/2026-04-saltcorn-file-write/Sat, 11 Apr 2026 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-04-saltcorn-file-write/Unauthenticated attackers can exploit a vulnerability in Saltcorn versions prior to 1.4.5, 1.5.5, and 1.6.0-beta.4 to write arbitrary files and list directory contents on the server.Saltcorn, a no-code database application builder, is vulnerable to an unauthenticated arbitrary file write vulnerability. Specifically, versions prior to 1.4.5, 1.5.5, and 1.6.0-beta.4 are affected. An attacker can leverage the POST /sync/offline_changes endpoint to create arbitrary directories and write a changes.json file with attacker-controlled content anywhere on the server’s filesystem. Subsequently, the GET /sync/upload_finished endpoint allows an unauthenticated attacker to list directory contents and read specific JSON files. This combination of actions allows for complete control of the application, potentially leading to remote code execution. This vulnerability is resolved in Saltcorn versions 1.4.5, 1.5.5, and 1.6.0-beta.4.

Attack Chain

1. The attacker sends a POST request to the /sync/offline_changes endpoint.
2. This POST request includes crafted JSON content intended to be written to a changes.json file.
3. The server creates arbitrary directories based on the attacker’s specifications within the POST request.
4. The server writes the attacker-supplied JSON content to the changes.json file in the created directory.
5. The attacker sends a GET request to the /sync/upload_finished endpoint.
6. The GET request specifies the directory the attacker previously created.
7. The server lists the contents of the specified directory, including the changes.json file.
8. The attacker reads the contents of the changes.json file. Successful exploitation allows arbitrary file creation, directory listing, and reading of file contents.

Impact

Successful exploitation of this vulnerability allows an unauthenticated attacker to write arbitrary files and list directory contents on the Saltcorn server. This can lead to complete compromise of the application, including remote code execution, data theft, and denial of service. Given that Saltcorn is used in various sectors to build database applications, the potential impact is significant across multiple industries.

Recommendation

• Upgrade Saltcorn to version 1.4.5, 1.5.5, or 1.6.0-beta.4 or later to patch CVE-2026-40163.
• Deploy the Sigma rule Detect Saltcorn Offline Changes Endpoint Abuse to detect suspicious POST requests to the /sync/offline_changes endpoint.
• Deploy the Sigma rule Detect Saltcorn Upload Finished Endpoint Abuse to detect suspicious GET requests to the /sync/upload_finished endpoint.
• Monitor web server logs for unexpected POST requests to /sync/offline_changes and GET requests to /sync/upload_finished (webserver log source).

]]>criticaladvisorysaltcornfile-writevulnerabilityhttps://feed.craftedsignal.io/briefs/2026-04-bugsink-file-write/Sat, 11 Apr 2026 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-04-bugsink-file-write/BugSink 2.1.0 is vulnerable to an authenticated file write vulnerability (CVE-2026-40162) allowing an attacker with a valid authentication token to write arbitrary content to the filesystem, potentially leading to code execution or data compromise.BugSink, a self-hosted error tracking tool, is susceptible to an authenticated file write vulnerability in version 2.1.0. This vulnerability, identified as CVE-2026-40162, allows an attacker with a valid authentication token to write attacker-controlled content to a filesystem location writable by the BugSink process. The flaw resides in the artifact bundle assembly flow. Successful exploitation could allow an attacker to achieve arbitrary code execution on the BugSink server or compromise sensitive data. Organizations using BugSink 2.1.0 are vulnerable and should upgrade to version 2.1.1 to remediate the issue. This poses a risk to the confidentiality, integrity, and availability of the BugSink server and the data it manages.

Attack Chain

1. Attacker obtains valid authentication token for BugSink 2.1.0 through legitimate means (e.g., compromised user credentials) or by exploiting another vulnerability.
2. Attacker crafts a malicious artifact bundle containing attacker-controlled content.
3. Attacker sends a request to the BugSink server to assemble an artifact bundle, including the malicious content, using the valid authentication token.
4. BugSink server, running version 2.1.0, processes the request without proper validation of the artifact bundle contents.
5. The server writes the attacker-controlled content to a filesystem location writable by the BugSink process. This could overwrite existing files or create new ones.
6. If the attacker overwrites critical configuration files or injects malicious code into executable files, they may achieve code execution.
7. Attacker establishes a reverse shell or uses other methods to gain remote access to the BugSink server.
8. Attacker performs further actions such as data exfiltration, lateral movement, or denial of service.

Impact

Successful exploitation of this vulnerability could allow an attacker to achieve arbitrary code execution on the BugSink server, potentially leading to complete system compromise. Attackers could exfiltrate sensitive data, modify existing data, or use the compromised server to launch attacks against other systems. The vulnerability affects any BugSink 2.1.0 installation with a user who has a valid authentication token, and it requires a upgrade to version 2.1.1 to remediate.

Recommendation

• Upgrade BugSink to version 2.1.1 immediately to patch CVE-2026-40162, as per the vendor’s advisory.
• Monitor web server logs for unusual POST requests to the artifact bundle assembly endpoints, which may indicate exploitation attempts. Deploy the Sigma rule Detect Suspicious BugSink File Write to your SIEM.
• Implement strict input validation and sanitization for all user-supplied data processed by BugSink, to prevent similar file write vulnerabilities in the future.
• Review and enforce least privilege access controls on the BugSink server, limiting the write access of the BugSink process to only the necessary files and directories.
• Monitor file system events for unexpected file creations or modifications within the BugSink installation directory.

]]>highadvisorycve-2026-40162file-writeauthenticationhttps://feed.craftedsignal.io/briefs/2026-04-prompts-chat-traversal/Sat, 04 Apr 2026 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-04-prompts-chat-traversal/A path traversal vulnerability exists in prompts.chat prior to commit 0f8d4c3, allowing attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames.prompts.chat, a software application, is vulnerable to a path traversal attack (CVE-2026-22661) in versions prior to commit 0f8d4c3. This vulnerability stems from insufficient server-side validation of filenames within skill file archives. A remote attacker can exploit this by crafting malicious ZIP archives that contain filenames with path traversal sequences (e.g., ../). When a vulnerable prompts.chat instance extracts these archives, the lack of proper sanitization allows the attacker to write files to arbitrary locations on the file system, potentially overwriting critical system files and achieving arbitrary code execution. This poses a significant risk to system integrity and confidentiality.

Attack Chain

1. The attacker crafts a malicious ZIP archive containing a specially crafted skill file.
2. The filenames within the ZIP archive include path traversal sequences such as ../.
3. The attacker uploads the malicious ZIP archive to the prompts.chat application.
4. prompts.chat processes the uploaded ZIP archive without properly sanitizing the filenames.
5. The application extracts the contents of the ZIP archive, writing files to locations specified in the malicious filenames.
6. Path traversal sequences in the filenames allow the attacker to write files outside the intended extraction directory.
7. The attacker overwrites shell initialization files (e.g., .bashrc, .profile, .bash_profile) or other executable files.
8. When a user logs in or a new shell is spawned, the overwritten initialization file executes malicious code, granting the attacker arbitrary code execution on the system.

Impact

Successful exploitation of CVE-2026-22661 allows an attacker to write arbitrary files to the client system, leading to potential overwrite of sensitive system files and arbitrary code execution. The vulnerability affects systems running vulnerable versions of prompts.chat. The impact includes complete compromise of the system, data theft, and further propagation of malicious activities.

Recommendation

• Apply the patch by upgrading to commit 0f8d4c3 or later to remediate CVE-2026-22661.
• Implement server-side filename validation and sanitization to prevent path traversal attacks when handling ZIP archives within prompts.chat.
• Deploy the Sigma rules provided in this brief to your SIEM to detect potential exploitation attempts.
• Monitor web server logs for suspicious requests containing path traversal sequences in filenames as identified by the provided rules.

]]>highadvisorypath-traversalfile-writecode-executioncve-2026-22661prompts.chatlinuxhttps://feed.craftedsignal.io/briefs/2024-01-04-mobile-mcp-path-traversal/Fri, 27 Mar 2026 19:13:17 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-04-mobile-mcp-path-traversal/The @mobilenext/mobile-mcp package before version 0.0.49 is vulnerable to a Path Traversal vulnerability in the mobile_save_screenshot and mobile_start_screen_recording tools where the `saveTo` and `output` parameters are passed directly to filesystem operations without validation, potentially allowing an attacker to write files outside the intended workspace, leading to privilege escalation and persistence by overwriting sensitive host files.The @mobilenext/mobile-mcp npm package, versions prior to 0.0.49, contains a critical path traversal vulnerability. This flaw stems from the mobile_save_screenshot and mobile_start_screen_recording tools which improperly handle user-supplied paths. Specifically, the saveTo parameter in mobile_save_screenshot and the output parameter in mobile_start_screen_recording are passed directly to filesystem write operations without adequate validation. This oversight enables a malicious actor to write arbitrary files to locations outside of the intended workspace. A successful exploit of this vulnerability allows for the potential overwriting of sensitive system files, enabling privilege escalation and persistence on the host system.

Attack Chain

1. An attacker gains control over the saveTo or output parameter of the vulnerable functions. This could be achieved through a malicious application, supply chain attack, or other means of code injection.
2. The attacker crafts a path containing traversal sequences (e.g., ../) designed to navigate outside of the intended save directory.
3. The attacker calls the mobile_save_screenshot or mobile_start_screen_recording tool with the manipulated path as the saveTo or output parameter, respectively.
4. The vulnerable function passes the attacker-controlled path to fs.writeFileSync() without validation.
5. fs.writeFileSync() writes the screenshot or screen recording data to the attacker-specified path.
6. If the path leads to a sensitive system file (e.g., ~/.bashrc, ~/.ssh/authorized_keys), it is overwritten with the contents of the screenshot or screen recording.
7. The attacker can overwrite configuration files or executables in order to achieve code execution.
8. The attacker achieves persistence and/or elevated privileges on the system.

Impact

Successful exploitation of this path traversal vulnerability can have severe consequences. An attacker can overwrite critical system files, such as shell configuration files (.bashrc, .zshrc), SSH authorized keys (.ssh/authorized_keys), or application configuration files. This can lead to arbitrary code execution, privilege escalation, and persistent backdoor access to the affected system. The reported impact includes potential for a broken shell and unauthorized access. All users of @mobilenext/mobile-mcp versions prior to 0.0.49 are vulnerable.

Recommendation

• Upgrade to @mobilenext/mobile-mcp version 0.0.49 or later to remediate the vulnerability.
• Implement robust input validation for all file paths used in file system operations. Specifically, validate the saveTo and output parameters of the mobile_save_screenshot and mobile_start_screen_recording functions.
• Deploy the Sigma rule “Detect Mobile-MCP Path Traversal Attempts” to your SIEM to detect attempts to exploit this vulnerability.
• Monitor application logs for unusual file access patterns or attempts to write to sensitive system directories.

]]>highadvisorypath-traversalfile-writeprivilege-escalationpersistence