Path Traversal in SuperAGI Exploitable Remotely

/HIGH /CVSS 7.3/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitypath-traversalcwe-22
Path Traversal in SuperAGI Exploitable Remotely

The National Vulnerability Database has identified a critical path traversal vulnerability (CVE-2026-6615) in TransformerOptimus SuperAGI, affecting versions up to 0.0.14. The flaw resides within the Multipart Upload Handler’s file upload functionality in superagi/controllers/resources.py. Attackers can exploit this by manipulating the ‘Name’ argument to traverse directories, potentially accessing or overwriting sensitive files on the server. This vulnerability is remotely exploitable and a public exploit is available, increasing the immediate risk to organizations using affected versions.

Despite early disclosure, the vendor has not responded, leaving users exposed. With a CVSS score of 7.3 (HIGH), this is not a vulnerability to ignore. Defenders must prioritize patching or mitigating this issue immediately, as unpatched systems present an open door for attackers to compromise their environment. The lack of vendor response underscores the importance of proactive security measures and contingency planning when relying on third-party software.

What This Means For You

  • If your organization utilizes TransformerOptimus SuperAGI, immediately verify that you are running version 0.0.14 or later. If you are on an older version, apply available patches or implement compensating controls to block access to the affected upload functionality and monitor file system integrity for signs of unauthorized access.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1071.001 Web Protocols Command and Control T1566.002 Spearphishing Attachment Initial Access

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

high T1190 Initial Access

CVE-2026-6615 - SuperAGI Multipart Upload Path Traversal

Sigma YAML — free preview
✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Export via Bot →

Indicators of Compromise

IDTypeIndicator
CVE-2026-6615 Path Traversal TransformerOptimus SuperAGI up to 0.0.14
CVE-2026-6615 Path Traversal superagi/controllers/resources.py::Upload function
CVE-2026-6615 Path Traversal Vulnerable component: Multipart Upload Handler
CVE-2026-6615 Path Traversal Argument 'Name' manipulation

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 20, 2026 at 11:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related Posts

MCP Design Flaw Opens Door to RCE, Threatening AI Supply Chain

The Hacker News reports a critical design vulnerability within the Model Context Protocol (MCP) architecture. This flaw enables Arbitrary Command Execution (RCE) on any system...

threat-intelvulnerabilityai-security
/SCW Vulnerability Desk /HIGH /⚑ 1 IOC /⚙ 3 Sigma

CVE-2026-6628 — Phili67 Ecclesia CRM SQL Injection

CVE-2026-6628 — A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the...

vulnerabilityCVEmedium-severitysql-injectioncwe-74cwe-89
/SCW Vulnerability Desk /MEDIUM /6.3 /⚑ 3 IOCs /⚙ 3 Sigma

CVE-2026-6626 — Cockpit-HQ Cockpit Vulnerability

CVE-2026-6626 — A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate...

vulnerabilityCVEmedium-severitycwe-20cwe-943
/SCW Vulnerability Desk /MEDIUM /6.3 /⚑ 3 IOCs /⚙ 2 Sigma