CVE-2026-39981
Published 2026-04-09
Priority: P2 60 · Severity: high · CVSS 3.1 base score: 8.8
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.32% (67.2th percentile)
AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or delete arbitrary files on the server hosting the AGiXT instance. This vulnerability is fixed in 1.9.2.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| agixt | agixt | < 1.9.2 | 1.9.2 |
| josh-xt | agixt | < 1.9.2 | 1.9.2 |
| josh-xt | agixt | >= 0 < 1.9.2 | 1.9.2 |
Detection & IOCs
- Look for directory traversal sequences (e.g., '../') in file path arguments passed to the safe_join() function within the AGiXT essential_abilities extension, which fails to validate that resolved paths remain within the agent workspace.
- Exploitation requires authentication; unauthenticated attackers cannot directly exploit this directory traversal vulnerability.
VulDB
Josh-XT AGiXT up to 1.9.1 safe_join path traversal
vuldb · 2026-04-09 · CVSS 8.8
CVE-2026-39981 [HIGH] Josh-XT AGiXT up to 1.9.1 safe_join path traversal
A vulnerability marked as critical has been reported in Josh-XT AGiXT up to 1.9.1. This affects the function safe_join. The manipulation leads to path traversal.
This vulnerability is listed as CVE-2026-39981. The attack may be initiated remotely. There is no available exploit.
It is suggested to upgrade the affected component.
GHSA
AGiXT Vulnerable to Path Traversal in safe_join()
ghsa · 2026-04-08
CVE-2026-39981 [HIGH] CWE-22 AGiXT Vulnerable to Path Traversal in safe_join()
AGiXT Vulnerable to Path Traversal in safe_join()
### Summary
The safe_join() function in the essential_abilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or delete arbitrary files on the server hosting the AGiXT instance.
### Details
`agixt/endpoints/Extension.py:165` (source) -> `agixt/XT.py:1035` (hop) -> `agixt/extensions/essential_abilities.py:436` (sink)
```python
# source: command arguments supplied by the authenticated API caller
command_args = command.command_args
# hop: the arguments are forwarded unchanged to the extension command
response = await Extensions(...).execute_command(command_name=command_name, command_args=command_args)
# sink: normpath collapses ".." lexically, but nothing checks that new_path is still under WORKING_DIRECTORY
new_path = os.path.normpath(os.path.join(self.WORKING_DIRECTORY, *paths.split("/")))
```
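As an added illustration (not code from the advisory or from the AGiXT project), the sink pattern above is shown beside the containment check a fixed safe_join() needs: resolve both sides with realpath, then require the workspace root to be the common ancestor. The workspace path, function names and sample path arguments are constructed for the example.

```python
import os

# Constructed workspace root for the demonstration; a real deployment uses
# whatever WORKING_DIRECTORY points at.
WORKSPACE = "/srv/agixt/WORKSPACE"


def vulnerable_join(working_directory: str, paths: str) -> str:
    """The pre-1.9.2 sink pattern: normpath collapses '..' lexically but
    never verifies that the result is still under working_directory."""
    return os.path.normpath(os.path.join(working_directory, *paths.split("/")))


def hardened_join(working_directory: str, paths: str) -> str:
    """Resolve symlinks on both sides, then require the workspace root to be
    the common ancestor. commonpath (rather than startswith) also rejects the
    sibling-directory case where '/ws2/x' would pass a prefix check for '/ws'."""
    base = os.path.realpath(working_directory)
    candidate = os.path.realpath(os.path.join(base, *paths.split("/")))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes workspace: {paths!r}")
    return candidate


def workspace_root() -> str:
    """Symlink-resolved form of the constructed workspace root."""
    return os.path.realpath(WORKSPACE)


def check_request(working_directory: str, paths: str) -> tuple[bool, str]:
    """What a guard in front of the file abilities should decide for one
    user-supplied path argument: (allowed, resolved_path)."""
    try:
        return True, hardened_join(working_directory, paths)
    except ValueError:
        resolved = os.path.realpath(os.path.join(working_directory, *paths.split("/")))
        return False, resolved


if __name__ == "__main__":
    # Constructed sample arguments: one legitimate, three escaping the workspace.
    for arg in ("notes/report.txt", "../../../etc/hosts",
                "../WORKSPACE2/secret.txt", "notes/../../escape.txt"):
        print(f"{arg!r:32} normpath-only={vulnerable_join(WORKSPACE, arg)}"
              f"  guard={check_request(WORKSPACE, arg)}")
```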
### PoC
```python
# tested on: ag
```
OSV
AGiXT Vulnerable to Path Traversal in safe_join()
osv · 2026-04-08
No detection rules found.
No public exploits indexed.
Published: 2026-04-09