Agnai vulnerable to Relative Path Traversal in Image Upload
Description
Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files at an attacker-chosen location on the server. This issue can lead to image file uploads to unauthorized or unintended directories, including overwriting of existing images, which may be used for defacement. This does not affect agnai.chat, installations using S3-compatible storage, or self-hosting that is not publicly exposed. Version 1.0.330 fixes this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Agnai before 1.0.330 allows attackers to upload image files to arbitrary server directories, enabling defacement or overwriting existing images.
Vulnerability
Overview
The vulnerability in Agnai, an AI-agnostic multi-user roleplaying chat system, allows attackers to upload image files to attacker-chosen locations on the server. This path traversal issue exists in versions prior to 1.0.330 and stems from insufficient validation of file paths during image upload operations, as seen in code paths like /srv/api/upload.ts [1][3].
Exploitation
Conditions
An attacker can exploit this vulnerability by crafting HTTP requests that specify arbitrary directory paths for image uploads. The attack does not require authentication if the server is publicly exposed; however, the issue does not affect the hosted service agnai.chat, installations using S3-compatible storage, or self-hosted instances that are not exposed to the internet [1]. The lack of proper path sanitization allows uploads to unintended directories, potentially overwriting existing image files [1].
Impact
Successful exploitation can lead to image file uploads to unauthorized directories, including overwriting of existing images. This could be used for defacement of the application's interface or other malicious activities that alter the visual content served by the system [1].
Mitigation
The vulnerability is fixed in version 1.0.330 of Agnai [1]. Users who self-host publicly exposed instances should update to this version immediately. No workaround is mentioned, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of publication.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
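The narrative above attributes the issue to insufficient validation of client-supplied paths in the image upload handler. The following TypeScript is an added example, not Agnai's own code: it shows the two mitigations an upload handler needs, a containment check that keeps the stored path inside the upload root, and a server-generated file name that ignores the client's name altogether. The function and constant names (resolveUploadPath, storedNameFor, ALLOWED_EXT) and the upload root path are assumptions for illustration.

```typescript
import * as path from "path";
import { randomUUID } from "crypto";

// Added example, not Agnai's code. Names (resolveUploadPath, storedNameFor,
// ALLOWED_EXT) are illustrative; the checks are what an upload handler needs
// so a client-supplied name can never select a directory outside the upload root.
const ALLOWED_EXT = new Set([".png", ".jpg", ".jpeg", ".gif", ".webp"]);

export type UploadPathResult =
  | { ok: true; path: string }
  | { ok: false; reason: string };

// Resolve a client-supplied file name to an absolute path inside `root`.
// Run this on the final, already-decoded name (after any URL/multipart decoding).
export function resolveUploadPath(root: string, userName: string): UploadPathResult {
  // 1. Structural checks before any path math: exactly one plain segment.
  if (userName === "" || userName === "." || userName === "..") {
    return { ok: false, reason: "empty or dot name" };
  }
  // Reject both separators explicitly: path.basename only knows the host platform's.
  if (/[\\\/\0]/.test(userName) || userName !== path.basename(userName)) {
    return { ok: false, reason: "name contains a separator or NUL" };
  }
  // 2. Only image extensions are stored (the handler is an image uploader).
  const ext = path.extname(userName).toLowerCase();
  if (!ALLOWED_EXT.has(ext)) {
    return { ok: false, reason: `extension ${ext || "(none)"} not allowed` };
  }
  // 3. Containment check after resolution, independent of checks 1 and 2:
  //    the resolved target must be strictly below the resolved root.
  const rootAbs = path.resolve(root);
  const target = path.resolve(rootAbs, userName);
  const rel = path.relative(rootAbs, target);
  if (rel === "" || rel === ".." || rel.startsWith(`..${path.sep}`) || path.isAbsolute(rel)) {
    return { ok: false, reason: "resolved path escapes upload root" };
  }
  return { ok: true, path: target };
}

// Stronger option: ignore the client's name entirely and store under a
// server-generated name, keeping only a validated image extension.
export function storedNameFor(userName: string): string | null {
  const ext = path.extname(path.basename(userName)).toLowerCase();
  return ALLOWED_EXT.has(ext) ? `${randomUUID()}${ext}` : null;
}
```

Check 3 is deliberately redundant with checks 1 and 2, so a future change that relaxes the name rules still cannot write outside the root.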
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| agnai (npm) | < 1.0.330 | 1.0.330 |
Affected products
- agnaistic/agnai (range: < 1.0.330)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-g54f-66mw-hv66 (GitHub Security Advisory)
- nvd.nist.gov/vuln/detail/CVE-2024-47171 (NVD entry)
- github.com/agnaistic/agnai/blob/75abbd5b0f5e48ddecc805365cf1574d05ee1ce5/srv/api/character.ts (source reference)
- github.com/agnaistic/agnai/blob/75abbd5b0f5e48ddecc805365cf1574d05ee1ce5/srv/api/upload.ts (source reference)
- github.com/agnaistic/agnai/security/advisories/GHSA-g54f-66mw-hv66 (vendor advisory, confirmed)
News mentions
No linked articles in our index yet.