Summary A vulnerability has been discovered in Agnai that permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, data leakage, and other critical security threats. This does not affect: – agnai.chat – installations using S3-compatible storage – self-hosting that is not publicly exposed This DOES affect: – publicly hosted installs without S3-compatible storage CWEs CWE-35: Path Traversal CWE-434: Unrestricted Upload of File with Dangerous Type CVSS-4.0 – 9.0 – Critical CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H Description Path Traversal and Unrestricted Upload of File with Dangerous Type Path Traversal Location tsx POST /api/chat/5c25e8dc-67c3-40e1-9572-32df2e26ff38/temp-character HTTP/1.1 {"_id": "/../../../../../../app/srv/api/voice",…<ommitted>} In the following file, the _id parameter which is a remote-supplied parameter is not properly validated and sanitized. https://github.com/agnaistic/agnai/blob/437227d9aa86132f3be3b41c89981cb393c903d0/srv/api/chat/characters.ts#L101 jsx const upserted: AppSchema.Character = { _id: body._id || `temp-${v4().slice(0, 8)}`, kind: 'character', createdAt: now(), In the following file, the filename (or id) and content variables are not properly sanitized and validated,…Read More