How broadly exploitable is this vulnerability in real deployments?

Exploitability depends on how widely the edit_package() functionality is exposed and who can control pack_folder. In environments where untrusted or semi-trusted users can reach this operation, the risk is significantly higher; in locked-down, single-user setups with limited exposure, practical impact may be reduced but not eliminated.

What level of access does an attacker need to exploit this issue?

The attacker needs the ability to trigger package editing with a custom pack_folder value, typically via the pyLoad web interface or an API endpoint. Whether this requires authentication depends on how the instance is configured and whether access controls are properly enforced.

What is the safest general fix pattern for this class of bug?

The safest pattern is to treat pack_folder as a logical name, resolve it against a fixed base directory using canonical path utilities, and then verify that the resulting absolute path still resides under the allowed root. Any value that escapes this root, or that contains disallowed constructs, should be rejected outright rather than "cleaned up."

Severity:

HIGH RISK

(7.1)

Path Traversal (CWE-23) in pyLoad edit_package Folder Handling

CVE-2026-29778

Published:

Mar 7, 2026

Status:

Received

Summary

Affected Context

Exploit Preconditions

Why This Happens

Potential Impact

General Mitigation Guidance

How Teams Detect Issues Like This

Frequently Asked Questions

Source

NDV

Recent Vulnerabilities

CWE-78

CRITICAL RISK

CRITICAL

(9.9)

Command Injection in MCP Stdio Configuration Validation (CWE-78) in WeKnora

Remote Code Execution

March 7, 2026

CWE-89

CRITICAL RISK

CRITICAL

(9.9)

SQL Injection via PostgreSQL Array/Row Expressions (CWE-89) in WeKnora Query Engine

Remote Code Execution via SQL Injection on the Database Server

March 7, 2026

Vulnerability Type

Category:

Path Traversal

CWE:

CWE-23

Impact:

Arbitrary File System Access Within Application Privileges

Severity:

HIGH RISK

(7.1)

CVSS Version:

3.1

Vulnerability Type

Category:

Path Traversal

CWE:

CWE-23

Impact:

Arbitrary File System Access Within Application Privileges

Severity:

HIGH RISK

(7.1)

CVSS Version:

3.1

Catch This CVE While Code Is Being Written

Detect vulnerable code directly in pull requests, so CVEs are fixed before merge.

Get Started

Ship clean & secure code faster

START 14 DAYS FREE TRIAL

BOOK A DEMO

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Path Traversal (CWE-23) in pyLoad edit_package Folder Handling

Summary

Affected Context

Exploit Preconditions

Why This Happens

Potential Impact

General Mitigation Guidance

How Teams Detect Issues Like This

Frequently Asked Questions

Source

Recent Vulnerabilities

CRITICAL RISK

CRITICAL

(9.9)

Command Injection in MCP Stdio Configuration Validation (CWE-78) in WeKnora

CRITICAL RISK

CRITICAL

(9.9)

SQL Injection via PostgreSQL Array/Row Expressions (CWE-89) in WeKnora Query Engine

Vulnerability Type

Vulnerability Type

Vulnerability Type

Catch This CVE While Code Is Being Written

Ship clean & secure code faster

Product

Pricing

Company

Legal

Developers

Compare

Product

Pricing

Company

Legal

Developers

Compare

Product

Pricing

Company

Legal

Developers

Compare