CVE-2026-8770
3.3 LOWA vulnerability was identified in continuedev continue up to 1.2.22
Published: 2026-05-18 · Last updated: 2026-05-19
Severity and scoring
- CVSS
- 3.3 LOW
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- CWE
- CWE-22
Affected products
| Vendor | Product |
|---|---|
| continue | continue |
Description
A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-8770
- [Exploit reference]https://gist.github.com/YLChen-007/da04e032993a4b2324df915f9ecf9831
- [Exploit reference]https://vuldb.com/submit/811428
- [Other]https://vuldb.com/vuln/364395
- [Other]https://vuldb.com/vuln/364395/cti
- [Exploit reference]https://vuldb.com/submit/811428
Related CVEs
Same CWE
- CVE-2026-52726 — Dulwich is a pure-Python implementation of the Git file formats and protocols (7.5 HIGH)
- CVE-2026-49219 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
- CVE-2026-47712 — Dulwich is a pure-Python implementation of the Git file formats and protocols (3.3 LOW)
- CVE-2026-46703 — Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to ru... (9.6 CRITICAL)
- CVE-2026-42305 — Dulwich is a pure-Python implementation of the Git file formats and protocols (8.8 HIGH)