VYPR
Medium severity · 4.3 · NVD Advisory · Published May 17, 2026 · Updated May 19, 2026

CVE-2026-8765

Description

A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component File Diff API Endpoint. Performing a manipulation of the argument File results in path traversal. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Path traversal in kilocode's file diff API allows remote attackers to read arbitrary server files via crafted 'file' parameter.

A path traversal vulnerability exists in Kilo-Org kilocode versions up to 7.0.47 within the /experimental/worktree/diff/file API endpoint. The flaw lies in the detailMeta function in packages/opencode/src/kilocode/review/worktree-diff.ts, which uses Bun.file(path.join(dir, file)) to access files. The file parameter is user-controlled and not sanitized, allowing directory traversal sequences such as ../ to escape the intended workspace directory [1].

Attackers can exploit this vulnerability remotely without authentication by sending a crafted HTTP request to the endpoint. By setting the file parameter to values like ../../../../etc/passwd, the path traversal bypasses directory restrictions and accesses arbitrary files on the server's filesystem. The request also includes a base parameter (e.g., HEAD) and requires an x-opencode-directory header pointing to a valid workspace instance [1].

Successful exploitation allows an attacker to read any file the server process has access to, including sensitive system files such as /etc/passwd. The file contents are returned in the JSON response under the after field, exposing credentials, configuration files, or other confidential data. Given the public availability of exploit code, unpatched instances are at immediate risk [1].

As the vendor did not respond to disclosure, no official patch is available. Users should restrict network access to the API endpoint, apply web application firewall (WAF) rules to block path traversal patterns, or disable the affected endpoint if not required. This vulnerability is actively exploitable and should be prioritized for mitigation [1].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 4

News mentions: 0

No linked articles in our index yet.