RTGS2017 NagaAgent Skills Endpoint extensions.py path traversal_CVE-2026-7784

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-7784

Source VulDB

Published May 4, 2026 at 23:30

Affected Product

Vendor RTGS2017

Product NagaAgent

Version 5.0

Affected Versions RTGS2017 NagaAgent 5.0
RTGS2017 NagaAgent 5.1.0

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-05-04T23:30:15.477Z",
    "modified": "2026-05-04T23:30:15.477Z",
    "type": "cve",
    "title": "RTGS2017 NagaAgent Skills Endpoint extensions.py path traversal",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360981\nhttps://vuldb.com/vuln/360981/cti\nhttps://vuldb.com/submit/807744\nhttps://github.com/RTGS2017/NagaAgent/issues/311\nhttps://github.com/RTGS2017/NagaAgent/",
    "id": "CVE-2026-7784",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "RTGS2017 NagaAgent 5.0\nRTGS2017 NagaAgent 5.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "NagaAgent",
    "version": "5.0",
    "vendor": "RTGS2017",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}