CVE-2026-6615 Overview
CVE-2026-6615 is a path traversal vulnerability in TransformerOptimus SuperAGI through version 0.0.14. The flaw resides in the Upload function of superagi/controllers/resources.py, part of the Multipart Upload Handler component. Attackers can manipulate the Name argument to traverse directories and write files outside the intended upload directory. The issue can be exploited remotely without authentication, and a public proof-of-concept has been released. The vendor was contacted prior to disclosure but did not respond.
Critical Impact
Remote unauthenticated attackers can write files to arbitrary locations on the host, enabling tampering with application data, configuration files, or other resources accessible to the SuperAGI process.
Affected Products
- TransformerOptimus SuperAGI versions up to and including 0.0.14
- Component: superagi/controllers/resources.py Multipart Upload Handler
- Function: Upload (vulnerable Name parameter)
Discovery Timeline
- 2026-04-20 - CVE-2026-6615 published to NVD
- 2026-04-29 - Last updated in NVD database
Technical Details for CVE-2026-6615
Vulnerability Analysis
The vulnerability is classified as Path Traversal under CWE-22. The Upload function in superagi/controllers/resources.py accepts a user-supplied Name argument as part of a multipart upload request. The application uses this value to construct the destination file path without normalizing or validating directory traversal sequences such as ../. Because the upload endpoint is reachable over the network and requires no authentication, any remote actor can submit a crafted request that writes files outside the intended resource directory.
Root Cause
The root cause is the absence of input sanitization on the Name parameter inside the multipart upload handler. The function concatenates attacker-controlled input directly into a filesystem path. SuperAGI does not enforce a canonical base directory check before opening the destination file for write, allowing parent-directory references to escape the upload sandbox.
Attack Vector
An attacker sends a multipart upload request to the SuperAGI resources endpoint with a Name value containing traversal sequences (for example, ../../etc/cron.d/payload). The server writes the uploaded content to the resolved location. Depending on the privileges of the SuperAGI process, this can be used to overwrite configuration files, drop files into directories monitored by scheduled jobs, or stage follow-on code execution. A public PoC is available in the GitHub Gist PoC Repository.
No verified code example is available. Refer to the VulDB Vulnerability #358250 entry for additional technical context.
Detection Methods for CVE-2026-6615
Indicators of Compromise
- Multipart upload requests to SuperAGI resource endpoints containing ../, ..\, or URL-encoded variants (%2e%2e%2f) in the Name field.
- Files appearing outside the configured SuperAGI resources directory with timestamps matching upload activity.
- Web access logs showing POST requests to the Upload handler from unexpected source addresses.
Detection Strategies
- Inspect HTTP request bodies on the SuperAGI API for Name parameters containing path separators or traversal sequences.
- Monitor the SuperAGI process for file write operations targeting paths outside its working directory.
- Compare filesystem state against a known-good baseline to identify unauthorized file creation.
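The inspection the two lists above describe (traversal sequences and their URL-encoded variants in the Name field), as an added example that is not code from the original page or from the SuperAGI project. It percent-decodes each Name value until it stops changing, so double-encoded input is caught as well, unifies `\` and `/`, and then looks for a `..` path segment. It also goes slightly beyond the page by flagging absolute names, which escape a naive `os.path.join` just as a `../` sequence does. The sample records, the endpoint path and the source addresses are constructed placeholders, not real SuperAGI logs.

```python
import re
from urllib.parse import unquote

# Constructed sample records, shaped as a request-body log might hold them after
# the multipart fields are extracted. The endpoint path and source addresses are
# placeholders, not taken from SuperAGI or from any real log.
SAMPLE_REQUESTS = [
    {"src": "10.0.0.5",     "path": "/resources/upload", "name": "report.pdf"},
    {"src": "10.0.0.6",     "path": "/resources/upload", "name": "notes..final.txt"},
    {"src": "203.0.113.9",  "path": "/resources/upload", "name": "../../outside.txt"},
    {"src": "203.0.113.9",  "path": "/resources/upload", "name": "%2e%2e%2f%2e%2e%2fconfig.yaml"},
    {"src": "203.0.113.9",  "path": "/resources/upload", "name": "%252e%252e%252fdouble.txt"},
    {"src": "198.51.100.7", "path": "/resources/upload", "name": "..\\..\\win.ini"},
    {"src": "198.51.100.7", "path": "/resources/upload", "name": "/tmp/absolute.txt"},
]

MAX_DECODE_ROUNDS = 3  # enough to unwrap double or triple percent-encoding
DOT_DOT_SEGMENT = re.compile(r"(^|/)\.\.(/|$)")   # ".." as a whole path segment only
ABSOLUTE_PATH = re.compile(r"^(/|[A-Za-z]:)")     # POSIX root or Windows drive letter


def normalise_name(name: str) -> str:
    """Percent-decode until the value stops changing and unify separators, so one
    check covers ../, ..\\, %2e%2e%2f and %252e%252e%252f alike."""
    decoded = name
    for _ in range(MAX_DECODE_ROUNDS):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def classify_name(name: str):
    """Return why a Name value is suspicious, or None if it looks benign."""
    norm = normalise_name(name)
    if DOT_DOT_SEGMENT.search(norm):
        return "dot-dot segment"
    if ABSOLUTE_PATH.match(norm):
        return "absolute path"
    return None


def is_traversal(name: str) -> bool:
    return classify_name(name) is not None


def scan(requests):
    """Return the records whose Name field would escape the upload directory,
    annotated with the decoded value and the reason, ready for alerting."""
    hits = []
    for rec in requests:
        reason = classify_name(rec["name"])
        if reason:
            hits.append({**rec, "normalised": normalise_name(rec["name"]), "reason": reason})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_REQUESTS):
        print(f'{hit["src"]} {hit["path"]} name={hit["name"]!r} '
              f'-> {hit["normalised"]!r} ({hit["reason"]})')
```

Matching `..` only as a whole segment keeps a filename such as `notes..final.txt` from firing, which matters when the same logic feeds an alert rather than a log search.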
Monitoring Recommendations
- Enable verbose access logging on the SuperAGI service and forward logs to a centralized analysis platform.
- Alert on writes by the SuperAGI service account to sensitive directories such as /etc, ~/.ssh, or application configuration paths.
- Track outbound connections from the SuperAGI host that follow file write events, which may indicate successful exploitation chained to remote payloads.
How to Mitigate CVE-2026-6615
Immediate Actions Required
- Restrict network exposure of SuperAGI instances to trusted networks or place them behind authenticated reverse proxies.
- Run SuperAGI as a low-privilege user with no write access to system directories or application binaries.
- Audit the SuperAGI host for unexpected files created since the service was deployed.
Patch Information
No vendor patch is currently available. According to the disclosure, the vendor was contacted but did not respond. Organizations should track the upstream TransformerOptimus SuperAGI repository for fixes and apply updates beyond version 0.0.14 when published.
Workarounds
- Place a web application firewall (WAF) rule in front of the SuperAGI API to block requests where the Name field contains ../, ..\, or encoded traversal sequences.
- Apply a local patch to superagi/controllers/resources.py that validates that the resolved upload path remains within the configured resources directory, by canonicalizing it with os.path.realpath and then checking it against the canonical base directory.
- Mount the SuperAGI resources directory on a separate filesystem with restrictive permissions to limit blast radius if traversal succeeds.
# Example WAF rule (ModSecurity) to block traversal in the Name field.
# ARGS is only populated from multipart form fields when request body
# inspection is enabled (SecRequestBodyAccess On). The transformations
# decode percent-encoding and lowercase the value first, so %2E%2E%2F and
# double-encoded variants are caught as well as the literal forms.
SecRule ARGS:Name "@rx (\.\./|\.\.\\|%2e%2e%2f|%2e%2e/)" \
    "id:1026615,phase:2,t:none,t:urlDecodeUni,t:lowercase,deny,status:400,\
    msg:'CVE-2026-6615 SuperAGI path traversal attempt in Name parameter'"
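The containment check the second workaround describes, and the unchecked concatenation the Root Cause section identifies, side by side as an added example. This is not SuperAGI's code and not a patch to resources.py; the function names, the base directory and the sample names are assumptions made for the illustration. The safe version canonicalizes the joined path with os.path.realpath and does the prefix check with os.path.commonpath, which avoids accepting a sibling directory whose name merely starts with the base.

```python
import os
import tempfile


class UnsafeUploadName(ValueError):
    """Raised when a client-supplied name would resolve outside the upload directory."""


def unsafe_destination(base_dir: str, name: str) -> str:
    # The pattern the advisory describes: the client-supplied name is joined into
    # the path with no canonicalisation or containment check. Shown for contrast
    # only; this is an illustration, not the project's own code.
    return os.path.join(base_dir, name)


def resolve_upload_path(base_dir: str, name: str) -> str:
    """Return the canonical destination for `name` inside `base_dir`, or raise."""
    base = os.path.realpath(base_dir)
    # Treat backslashes as separators so the check behaves the same on POSIX as
    # it would on Windows; otherwise "..\\..\\x" is a single filename here.
    name = name.replace("\\", "/")
    # realpath collapses ../ segments and follows symlinks inside base_dir, and
    # os.path.join discards base entirely when name is absolute, so only the
    # fully resolved candidate is meaningful.
    candidate = os.path.realpath(os.path.join(base, name))
    # commonpath is the prefix check done properly: a plain startswith(base)
    # would accept /srv/data2/x for a base of /srv/data. Refusing candidate ==
    # base also rejects "" and ".", which name the directory rather than a file.
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise UnsafeUploadName(f"refusing to write outside {base}: {name!r}")
    return candidate


def is_safe_upload_name(base_dir: str, name: str) -> bool:
    try:
        resolve_upload_path(base_dir, name)
        return True
    except UnsafeUploadName:
        return False


def save_upload(base_dir: str, name: str, data: bytes) -> str:
    """Write data to the validated path, creating subdirectories inside base_dir."""
    dest = resolve_upload_path(base_dir, name)
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    with open(dest, "wb") as fh:
        fh.write(data)
    return dest


if __name__ == "__main__":
    # Demo against a throwaway directory; the content is constructed.
    with tempfile.TemporaryDirectory() as resources:
        print("unsafe join would target:", unsafe_destination(resources, "../../outside.txt"))
        print("saved to:", save_upload(resources, "reports/q1.pdf", b"constructed content"))
        for bad in ("../../outside.txt", "/etc/hostname", "..\\..\\win.ini", "."):
            verdict = "accepted" if is_safe_upload_name(resources, bad) else "rejected"
            print(f"{bad!r} -> {verdict}")
```

Because the check runs on the fully resolved path, a symlink placed inside the resources directory that points elsewhere is rejected too, which a check on the unresolved string would miss.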
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.