High severity8.8NVD Advisory· Published Apr 9, 2026· Updated May 13, 2026

CVE-2026-39981

Description

AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or delete arbitrary files on the server hosting the AGiXT instance. This vulnerability is fixed in 1.9.2.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
agixtPyPI	< 1.9.2	1.9.2

Affected products

Josh XT/Agixtreferences

Patches

2079ea5a88fa

v1.9.2

https://github.com/Josh-XT/AGiXTJosh XTMar 15, 2026via ghsa

commit

2 files changed · +15 −4

agixt/extensions/essential_abilities.py+14 −3 modified

@@ -423,19 +423,30 @@ async def download_file_from_url(
 
     def safe_join(self, paths) -> str:
         """
-        Safely join paths together
+        Safely join paths together, ensuring the result stays within
+        the agent's WORKING_DIRECTORY to prevent path traversal attacks.
 
         Args:
         paths (str): The paths to join
 
         Returns:
         str: The joined path
+
+        Raises:
+        PermissionError: If the resolved path escapes WORKING_DIRECTORY
         """
         if "/path/to/" in paths:
             paths = paths.replace("/path/to/", "")
-        new_path = os.path.normpath(
-            os.path.join(self.WORKING_DIRECTORY, *paths.split("/"))
+        # Use realpath (not just normpath) to resolve symlinks and ..
+        base = os.path.realpath(self.WORKING_DIRECTORY)
+        new_path = os.path.realpath(
+            os.path.normpath(os.path.join(self.WORKING_DIRECTORY, *paths.split("/")))
         )
+        # Verify the resolved path is within the workspace
+        if not (new_path.startswith(base + os.sep) or new_path == base):
+            raise PermissionError(
+                f"Path traversal detected: refusing to access path outside workspace"
+            )
         path_dir = os.path.dirname(new_path)
         os.makedirs(path_dir, exist_ok=True)
         return new_path

agixt/version+1 −1 modified

@@ -1 +1 @@
-v1.9.1
\ No newline at end of file
+v1.9.2
\ No newline at end of file

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/Josh-XT/AGiXT/commit/2079ea5a88fa671a921bf0b5eba887a5a1b73d5fnvdPatchWEB
github.com/Josh-XT/AGiXT/security/advisories/GHSA-5gfj-64gh-mgmwnvdExploitVendor AdvisoryWEB
github.com/advisories/GHSA-5gfj-64gh-mgmwghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2026-39981ghsaADVISORY
github.com/Josh-XT/AGiXT/releases/tag/v1.9.2nvdProductRelease NotesWEB

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000