GHSA-C795-2G9C-J48M
Vulnerability from github – Published: 2026-06-19 21:43 – Updated: 2026-06-19 21:43EverOS versions 1.0.0 and earlier are vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint. The per-message sender_id field was not validated as a path-safe identifier (unlike app_id / project_id, which already enforced this). During user-memory extraction, sender_id is used as the owner_id and joined into the filesystem path where the extracted episode is persisted as a Markdown file. A sender_id containing ../ sequences could direct the write outside the configured memory root, allowing an unauthenticated caller to create or overwrite .md files at locations writable by the server process (unauthorized arbitrary file write). The file content is partially attacker-influenced.
Patch: Fixed in v1.0.1 with (1) path-safe validation on sender_id (character whitelist plus rejection of the . and .. tokens) and (2) a defense-in-depth containment check in the Markdown writer that rejects any write resolving outside the memory root before any filesystem access, covering both the write and the append read-modify-write paths.
Remediation: Upgrade to EverOS 1.0.1. There is no workaround for affected versions other than upgrading.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.0.0"
},
"package": {
"ecosystem": "PyPI",
"name": "everos"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-19T21:43:12Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "EverOS versions 1.0.0 and earlier are vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint. The per-message sender_id field was not validated as a path-safe identifier (unlike app_id / project_id, which already enforced this). During user-memory extraction, sender_id is used as the owner_id and joined into the filesystem path where the extracted episode is persisted as a Markdown file. A sender_id containing ../ sequences could direct the write outside the configured memory root, allowing an unauthenticated caller to create or overwrite .md files at locations writable by the server process (unauthorized arbitrary file write). The file content is partially attacker-influenced.\n\n**Patch**: Fixed in v1.0.1 with (1) path-safe validation on sender_id (character whitelist plus rejection of the . and .. tokens) and (2) a defense-in-depth containment check in the Markdown writer that rejects any write resolving outside the memory root before any filesystem access, covering both the write and the append read-modify-write paths.\n\n**Remediation**: Upgrade to EverOS 1.0.1. There is no workaround for affected versions other than upgrading.",
"id": "GHSA-c795-2g9c-j48m",
"modified": "2026-06-19T21:43:12Z",
"published": "2026-06-19T21:43:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/EverMind-AI/EverOS/security/advisories/GHSA-c795-2g9c-j48m"
},
{
"type": "PACKAGE",
"url": "https://github.com/EverMind-AI/EverOS"
},
{
"type": "WEB",
"url": "https://github.com/EverMind-AI/EverOS/releases/tag/v1.0.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "EverOS: Path traversal in EverOS /api/v1/memory/add via unvalidated sender_id"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.