High severity 7.1 · NVD Advisory · Published Apr 22, 2026 · Updated May 20, 2026
CVE-2026-6855
Description
A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the logs_dir parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to unauthorized data modification or disclosure.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| instructlab (PyPI) | <= 0.26.1 | — |
Affected products
- cpe:2.3:a:redhat:instructlab:-:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_ai:3.0:*:*:*:*:*:*:*
References
- access.redhat.com/security/cve/CVE-2026-6855 (nvd; Vendor Advisory, WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd; Issue Tracking, Vendor Advisory, WEB)
- github.com/advisories/GHSA-pqmg-c2j8-fq92 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-6855 (ghsa; ADVISORY)