CVE-2026-8770: Path Traversal in continuedev continue
A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
This vulnerability involves a path traversal issue in the lsTool function of the core/tools/implementations/lsTool.ts file within the JSON-RPC Server component of continuedev continue versions up to 1.2.22. Manipulating the dirPath argument allows an attacker with local access to traverse directories outside the intended scope. The vulnerability is rated medium severity with a CVSS 4.8 (AV:L/AC:L/PR:L/UI:N). No vendor response or patch is currently available, and the exploit code is publicly accessible.
Potential Impact
An attacker with local access and low privileges can exploit this vulnerability to perform path traversal, potentially accessing files and directories outside the intended directory. This could lead to unauthorized information disclosure or manipulation of files accessible to the application user. The impact is limited by the requirement for local access and low privileges, and there is no indication of remote exploitation or privilege escalation.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded and no official fix is available, users should limit local access to trusted users only and monitor for any updates from the vendor. Avoid running the affected versions in untrusted environments until a patch or official mitigation is released.
CVE-2026-8770: Path Traversal in continuedev continue
Description
A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a path traversal issue in the lsTool function of the core/tools/implementations/lsTool.ts file within the JSON-RPC Server component of continuedev continue versions up to 1.2.22. Manipulating the dirPath argument allows an attacker with local access to traverse directories outside the intended scope. The vulnerability is rated medium severity with a CVSS 4.8 (AV:L/AC:L/PR:L/UI:N). No vendor response or patch is currently available, and the exploit code is publicly accessible.
Potential Impact
An attacker with local access and low privileges can exploit this vulnerability to perform path traversal, potentially accessing files and directories outside the intended directory. This could lead to unauthorized information disclosure or manipulation of files accessible to the application user. The impact is limited by the requirement for local access and low privileges, and there is no indication of remote exploitation or privilege escalation.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded and no official fix is available, users should limit local access to trusted users only and monitor for any updates from the vendor. Avoid running the affected versions in untrusted environments until a patch or official mitigation is released.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-17T09:30:17.576Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0a5106ec166c07b00a4293
Added to database: 5/17/2026, 11:36:38 PM
Last enriched: 5/17/2026, 11:51:36 PM
Last updated: 5/20/2026, 5:13:17 PM
Views: 25
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.