4.8
/ 10
MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Description
A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Basic Information
ID
CVE-2026-8770
Source
VulDB
Published
May 17, 2026 at 23:15
Affected Product
Vendor
continuedev
Product
continue
Version
1.2.0
Affected Versions
continuedev continue 1.2.0
continuedev continue 1.2.1
continuedev continue 1.2.2
continuedev continue 1.2.3
continuedev continue 1.2.4
continuedev continue 1.2.5
continuedev continue 1.2.6
continuedev continue 1.2.7
continuedev continue 1.2.8
continuedev continue 1.2.9
continuedev continue 1.2.10
continuedev continue 1.2.11
continuedev continue 1.2.12
continuedev continue 1.2.13
continuedev continue 1.2.14
continuedev continue 1.2.15
continuedev continue 1.2.16
continuedev continue 1.2.17
continuedev continue 1.2.18
continuedev continue 1.2.19
continuedev continue 1.2.20
continuedev continue 1.2.21
continuedev continue 1.2.22
continuedev continue 1.2.1
continuedev continue 1.2.2
continuedev continue 1.2.3
continuedev continue 1.2.4
continuedev continue 1.2.5
continuedev continue 1.2.6
continuedev continue 1.2.7
continuedev continue 1.2.8
continuedev continue 1.2.9
continuedev continue 1.2.10
continuedev continue 1.2.11
continuedev continue 1.2.12
continuedev continue 1.2.13
continuedev continue 1.2.14
continuedev continue 1.2.15
continuedev continue 1.2.16
continuedev continue 1.2.17
continuedev continue 1.2.18
continuedev continue 1.2.19
continuedev continue 1.2.20
continuedev continue 1.2.21
continuedev continue 1.2.22