Definition
A vulnerability in which an AI agent or its supporting infrastructure fails to restrict file-path operations, allowing an attacker to read or write files anywhere on the server — not just the intended working directory. In agent frameworks this can expose configuration files, memory stores, credentials, and other agents' data.
Why it matters
AI agent platforms routinely persist sensitive state to disk; a path traversal flaw turns an agent's storage layer into an open archive for any attacker who can interact with the platform, potentially exposing every task, secret, and output the agent has ever handled.
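The restriction the definition says is missing, shown beside the unvalidated join it replaces. This is an added example, not code from any agent framework; the function names, the `agent-a`/`agent-b` workspace layout and the sample requests are all constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


class PathEscapeError(ValueError):
    """Raised when a requested path resolves outside the agent workspace."""


def naive_path(workspace: Path, requested: str) -> Path:
    # Flawed pattern: joining without validation. ".." segments and
    # absolute paths both leave the workspace.
    return workspace / requested


def confined_path(workspace: Path, requested: str) -> Path:
    """Resolve `requested` and refuse anything outside `workspace`."""
    if "\x00" in requested:
        raise PathEscapeError("NUL byte in path")
    root = workspace.resolve(strict=True)
    # resolve() collapses ".." and follows symlinks, so the comparison
    # below is made on the real location, not on the string supplied.
    candidate = (root / requested).resolve()
    if candidate != root and root not in candidate.parents:
        raise PathEscapeError(f"{requested!r} resolves outside the workspace")
    return candidate


def demo() -> dict:
    """Run constructed requests against a throwaway two-agent layout."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        ws, other = base / "agent-a", base / "agent-b"
        ws.mkdir()
        other.mkdir()
        (ws / "notes.txt").write_text("task output")
        (other / "memory.json").write_text("{}")
        os.symlink(other, ws / "link")  # symlink sitting inside the workspace
        requests = {"plain": "notes.txt", "dotdot_inside": "sub/../notes.txt",
                    "dotdot_escape": "../agent-b/memory.json",
                    "absolute": str(other / "memory.json"),
                    "symlink": "link/memory.json"}
        results = {}
        for label, req in requests.items():
            try:
                confined_path(ws, req)
                results[label] = "allowed"
            except PathEscapeError:
                results[label] = "blocked"
        escaped = naive_path(ws, requests["dotdot_escape"]).resolve()
        results["naive_leaves_workspace"] = ws not in escaped.parents
        return results
```

The check and the later `open()` are separate steps, so a path component replaced in between can still redirect the access; running each agent under its own OS account or container limits what any escape can reach.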