CVE-2026-7784: NagaAgent Path Traversal Exposes Servers
A high-severity path traversal vulnerability, CVE-2026-7784, has been identified in RTGS2017 NagaAgent up to version 5.1.0. According to the National Vulnerability Database, this flaw resides in the apiserver/routes/extensions.py component, specifically within the Skills Endpoint when processing the Name argument. This manipulation allows for remote path traversal.
The National Vulnerability Database reports a CVSS v3.1 score of 7.3 (High). The critical aspect here is that the exploit has been publicly disclosed, meaning attackers can immediately weaponize it. The project maintainers were reportedly informed via an issue report but have not yet responded, leaving a window of exposure for affected systems.
This vulnerability allows attackers to access arbitrary files and directories on the server, potentially leading to information disclosure, unauthorized configuration changes, or further system compromise. The remote exploitability and public disclosure significantly elevate the risk, demanding immediate attention from organizations utilizing NagaAgent.
What This Means For You
- If your organization uses RTGS2017 NagaAgent, you need to determine if you are running version 5.1.0 or earlier. This is a high-severity path traversal vulnerability with a public exploit. Attackers are not waiting; they are actively scanning for unpatched systems. Audit your NagaAgent deployments and prioritize patching or isolating these systems immediately.
🛡️ Detection Rules
3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.
CVE-2026-7784: NagaAgent Path Traversal via Name Parameter
```yaml
# Title is quoted: an unquoted ": " inside a plain scalar is a YAML parse error.
title: 'CVE-2026-7784: NagaAgent Path Traversal via Name Parameter'
id: scw-2026-05-05-ai-1
status: experimental
level: high
description: |
  Detects attempts to exploit CVE-2026-7784 by identifying requests to the NagaAgent skills endpoint ('/api/v1/skills') that contain a 'Name' parameter with a path traversal sequence ('../../'). This indicates an attempt to access files outside the intended directory.
author: SCW Feed Engine (AI-generated)
date: 2026-05-05
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7784/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/api/v1/skills'
    # Literal match only: percent-encoded forms of the sequence are not covered.
    cs-uri-query|contains:
      - 'Name=../../'
    cs-method:
      - 'GET'
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Source: Shimi's Cyber World · License & reuse
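The rule above matches only the literal string `Name=../../` on GET requests, so percent-encoded or double-encoded values pass unnoticed. The following detection sketch is an added example, not part of the original rule or of NagaAgent: it decodes the `Name` value before checking it. It assumes common/combined-format access logs and takes the endpoint path from the rule; the sample lines and the file name `app.conf` are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

SKILLS_PATH = "/api/v1/skills"  # endpoint path as written in the page's Sigma rule
PARAM = "name"                  # the Name argument, compared case-insensitively
# Request field of a common/combined-format access log line (assumed log format)
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any segment of the decoded value is '..', for / or \\ separators."""
    return ".." in re.split(r"[/\\]", fully_decode(value))

def is_suspicious(log_line):
    """Flag requests (any method) to the skills endpoint whose Name value traverses."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return False
    parts = urlsplit(match.group("uri"))
    if not fully_decode(parts.path).lower().startswith(SKILLS_PATH):
        return False
    # parse_qsl decodes one layer; has_traversal strips any remaining layers.
    return any(key.lower() == PARAM and has_traversal(val)
               for key, val in parse_qsl(parts.query, keep_blank_values=True))

# Constructed sample lines (documentation IP ranges, placeholder file name).
SAMPLE_LOG = [
    '203.0.113.5 - - [05/May/2026:04:00:01 +0000] "GET /api/v1/skills?Name=../../app.conf HTTP/1.1" 200 512',
    '203.0.113.5 - - [05/May/2026:04:00:02 +0000] "GET /api/v1/skills?Name=%2e%2e%2f%2e%2e%2fapp.conf HTTP/1.1" 200 512',
    '203.0.113.5 - - [05/May/2026:04:00:03 +0000] "POST /api/v1/skills?name=..%252f..%252fapp.conf HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/May/2026:04:01:00 +0000] "GET /api/v1/skills?Name=weather HTTP/1.1" 200 128',
    '198.51.100.7 - - [05/May/2026:04:01:05 +0000] "GET /api/v1/skills?Name=v1..2 HTTP/1.1" 200 128',
]

def flagged(lines):
    """Return the log lines that is_suspicious() flags."""
    return [line for line in lines if is_suspicious(line)]
```

Of the five sample lines, the literal Sigma pattern would match only the first; the decoded check also flags the encoded and double-encoded requests while leaving `Name=v1..2` alone.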
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7784 | Path Traversal | RTGS2017 NagaAgent up to 5.1.0 |
| CVE-2026-7784 | Path Traversal | apiserver/routes/extensions.py |
| CVE-2026-7784 | Path Traversal | Component: Skills Endpoint |
| CVE-2026-7784 | Path Traversal | Manipulation of argument: Name |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 05, 2026 at 03:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.