CVE-2026-6615 Overview
A path traversal vulnerability has been identified in TransformerOptimus SuperAGI up to version 0.0.14. This vulnerability affects the Upload function within the superagi/controllers/resources.py file, specifically in the Multipart Upload Handler component. By manipulating the Name argument, an attacker can traverse file system directories, potentially accessing or overwriting files outside the intended upload directory. The vulnerability can be exploited remotely without authentication, and a proof-of-concept exploit has been made publicly available.
Critical Impact
Remote attackers can exploit this path traversal flaw to read sensitive files, overwrite critical application data, or potentially achieve code execution by uploading malicious files to executable directories.
Affected Products
- TransformerOptimus SuperAGI versions up to and including 0.0.14
- SuperAGI Multipart Upload Handler component
- superagi/controllers/resources.py Upload function
Discovery Timeline
- 2026-04-20 - CVE-2026-6615 published to NVD
- 2026-04-22 - Last updated in NVD database
Technical Details for CVE-2026-6615
Vulnerability Analysis
This path traversal vulnerability (CWE-22) exists in the file upload functionality of SuperAGI's resource controller. The core issue stems from insufficient validation of the Name parameter during multipart file uploads. When processing upload requests, the application fails to properly sanitize user-supplied filenames, allowing attackers to include directory traversal sequences (such as ../) to escape the intended upload directory.
The vulnerability is remotely exploitable and requires no authentication, making it accessible to any network-based attacker who can reach the affected endpoint. Successful exploitation could allow an attacker to write files to arbitrary locations on the filesystem, read sensitive configuration files, or potentially overwrite application code to achieve remote code execution.
Root Cause
The root cause of this vulnerability is improper input validation in the Upload function within superagi/controllers/resources.py. The application accepts user-controlled filename input from multipart form data without adequately sanitizing path traversal characters. This allows attackers to construct malicious filenames containing sequences like ../ or absolute paths to write files outside the designated upload directory. Proper input validation should normalize file paths and reject any input containing path traversal sequences or verify that the resolved path remains within the expected directory.
Attack Vector
The attack vector is network-based, requiring the attacker to send a specially crafted HTTP multipart upload request to the vulnerable endpoint. The attacker manipulates the Name argument in the upload request to include path traversal sequences.
The vulnerability can be exploited by crafting a multipart form-data request where the filename parameter contains directory traversal sequences such as ../../../etc/passwd or similar patterns. When the server processes this request, it concatenates the malicious filename with the upload directory path without proper sanitization, resulting in file operations outside the intended directory. A proof-of-concept demonstrating this attack technique is available in the GitHub Gist PoC Source. The vendor was contacted regarding this vulnerability but did not respond.
Detection Methods for CVE-2026-6615
Indicators of Compromise
- HTTP requests to upload endpoints containing ../ or URL-encoded variants (%2e%2e%2f) in filename parameters
- Unexpected file creation or modification outside designated upload directories
- Web server logs showing multipart uploads with suspicious path traversal patterns in the Name field
- Unusual file access patterns in directories that should not be writable by the web application
Detection Strategies
- Implement web application firewall (WAF) rules to detect and block requests containing path traversal sequences in file upload parameters
- Deploy endpoint detection solutions to monitor for file system operations outside expected application directories
- Review web server access logs for patterns indicative of path traversal attempts, particularly in POST requests to resource upload endpoints
- Utilize SentinelOne's behavioral AI to detect anomalous file write operations from web application processes
Monitoring Recommendations
- Enable detailed logging for the SuperAGI application, particularly for file upload operations in the resources controller
- Configure file integrity monitoring (FIM) on critical directories to detect unauthorized file modifications
- Implement real-time alerting for any file creation attempts outside designated upload directories
- Monitor process behavior for the SuperAGI application to detect unusual file system traversal activity
How to Mitigate CVE-2026-6615
Immediate Actions Required
- Restrict network access to the vulnerable upload endpoint using firewall rules or reverse proxy configurations
- Implement input validation at the application gateway level to reject requests containing path traversal sequences
- Consider temporarily disabling the file upload functionality until a patch is available
- Review file system permissions to ensure the application runs with minimal privileges
Patch Information
No official patch is currently available from the vendor. The vendor was contacted early about this disclosure but did not respond. Organizations using SuperAGI versions up to 0.0.14 should implement the workarounds below and monitor for any future security updates. For additional technical details, refer to the VulDB Vulnerability Details.
Workarounds
- Apply input validation at the reverse proxy or WAF level to strip or reject path traversal sequences from upload requests
- Implement application-level filename sanitization by using basename extraction functions to remove directory components
- Configure the application to run in a sandboxed environment or container with restricted filesystem access
- Use chroot or similar filesystem isolation techniques to limit the application's view of the filesystem
# Configuration example - Nginx location block to reject path traversal attempts
location /api/upload {
# Reject requests with path traversal sequences
if ($request_uri ~* "\.\.") {
return 403;
}
# Additional security: limit upload directory access
client_max_body_size 10M;
proxy_pass http://superagi_backend;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
