Evolver: Path Traversal via `–out` flag in `fetch` command allows...

8.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Description

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers to write files to arbitrary locations on the filesystem. The --out= flag accepts user-provided paths without validation, enabling directory traversal attacks that can overwrite critical system files or create files in sensitive location. This issue has been patched in version 1.69.3.

Basic Information

ID CVE-2026-42075

Source GitHub_M

Published May 4, 2026 at 16:47

Affected Product

Vendor EvoMap

Product evolver

Version < 1.69.3

Affected Versions EvoMap evolver < 1.69.3

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers to write files to arbitrary locations on the filesystem. The --out= flag accepts user-provided paths without validation, enabling directory traversal attacks that can overwrite critical system files or create files in sensitive location. This issue has been patched in version 1.69.3.",
    "published": "2026-05-04T16:47:23.943Z",
    "modified": "2026-05-04T16:47:23.943Z",
    "type": "cve",
    "title": "Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write",
    "source": "GitHub_M",
    "references": "https://github.com/EvoMap/evolver/security/advisories/GHSA-r466-rxw4-3j9j\nhttps://github.com/EvoMap/evolver/releases/tag/v1.69.3",
    "id": "CVE-2026-42075",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "EvoMap evolver < 1.69.3",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "evolver",
    "version": "< 1.69.3",
    "vendor": "EvoMap",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Evolver: Path Traversal via `–out` flag in `fetch` command allows Arbitrary File Write_CVE-2026-42075