VYPR
Low severity (CVSS 3.3) · NVD Advisory · Published May 18, 2026 · Updated May 19, 2026

CVE-2026-8770

Description

A vulnerability was identified in continuedev continue up to version 1.2.22. It affects the function lsTool in the file core/tools/implementations/lsTool.ts of the JSON-RPC Server component. Manipulation of the argument dirPath leads to path traversal. The attack has to be carried out locally. An exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A low-severity path traversal in Continue's lsTool allows unauthenticated local attackers to enumerate arbitrary directory contents, bypassing workspace boundary checks.

A path traversal vulnerability has been identified in continuedev continue, affecting versions up to 1.2.22. The flaw resides in the lsTool function within core/tools/implementations/lsTool.ts, part of the JSON-RPC server. Unlike other file manipulation tools such as readFile or createNewFile, which call the security check throwIfFileIsSecurityConcern after resolving a user-supplied path, lsTool omits this critical validation. As a result, when an attacker provides an absolute path (e.g., /etc) as the dirPath argument, the tool directly operates on it without enforcing workspace boundaries or security patterns [1].

Exploitation requires only a locally reachable JSON-RPC instance (default TCP port 3000) or a prompt-injection vector that can trigger the tool. A proof-of-concept Python script demonstrates how an unauthenticated attacker can connect to the Core server and invoke lsTool with arbitrary directory paths. Furthermore, the walkDir function is explicitly configured with overrideDefaultIgnores: ignore(), which disables the default blocklists that normally hide sensitive files (e.g., .ssh, .env), so entries the default ignore list would suppress are returned as well [1].
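The two preceding paragraphs describe the defect as a missing post-resolution boundary check plus a disabled ignore list. The following TypeScript is an added example, not Continue's code: it contrasts the vulnerable pattern (resolve the caller's dirPath and use it) with a hardened resolver that checks the resolved path against the workspace root, and shows why the absolute-path case from the description (/etc) and a "../" case both escape. The in-memory directory tree, the function names (resolveDirUnsafe, resolveDirSafe, listDir, WorkspaceBoundaryError) and the boolean overrideDefaultIgnores option are assumptions made for illustration; the real walkDir takes an ignore() instance, not a boolean.

```typescript
import * as path from "node:path";

// Added example, not Continue's code. Names and the in-memory tree below are
// assumptions made for illustration.

// Constructed in-memory directory tree standing in for the real filesystem.
const FAKE_FS: Record<string, string[]> = {
  "/home/dev/project": ["src", "package.json", ".env", ".git"],
  "/home/dev/project/src": ["index.ts"],
  "/home/dev": ["project", "project2", ".ssh", ".bashrc"],
  "/home/dev/project2": ["README.md"],
  "/home/dev/.ssh": ["id_ed25519", "id_ed25519.pub", "known_hosts"],
  "/etc": ["passwd", "shadow", "ssh"],
};

// Entry names a default ignore list hides from tool output (assumed list).
export const DEFAULT_IGNORES: readonly string[] = [".ssh", ".env", ".git", "node_modules"];

export class WorkspaceBoundaryError extends Error {}

// Vulnerable pattern: resolve dirPath against the workspace and use the result.
// path.resolve() discards the base when dirPath is absolute, and "../"
// segments walk out of the workspace, so no boundary is enforced.
export function resolveDirUnsafe(workspaceRoot: string, dirPath: string): string {
  return path.posix.resolve(workspaceRoot, dirPath);
}

// Hardened pattern: resolve first, then judge the *resolved* path. Using
// path.relative() rather than a string-prefix test means a sibling such as
// /home/dev/project2 is correctly rejected for workspace /home/dev/project.
export function resolveDirSafe(workspaceRoot: string, dirPath: string): string {
  const root = path.posix.resolve(workspaceRoot);
  const target = path.posix.resolve(root, dirPath);
  const rel = path.posix.relative(root, target);
  if (rel === ".." || rel.startsWith(".." + path.posix.sep)) {
    throw new WorkspaceBoundaryError(`dirPath escapes workspace: ${dirPath}`);
  }
  return target;
}

export interface ListOptions {
  // true mirrors disabling the default blocklist entirely.
  overrideDefaultIgnores?: boolean;
}

// Lists a directory through the supplied resolver and applies the ignore list
// unless it has been overridden.
export function listDir(
  resolve: (root: string, dir: string) => string,
  workspaceRoot: string,
  dirPath: string,
  opts: ListOptions = {},
): string[] {
  const target = resolve(workspaceRoot, dirPath);
  const entries = FAKE_FS[target];
  if (entries === undefined) throw new Error(`no such directory: ${target}`);
  if (opts.overrideDefaultIgnores) return [...entries];
  return entries.filter((e) => !DEFAULT_IGNORES.includes(e));
}

// Stand-alone demonstration.
const WS = "/home/dev/project";
console.log(listDir(resolveDirUnsafe, WS, "/etc", { overrideDefaultIgnores: true }));
console.log(listDir(resolveDirUnsafe, WS, "../.ssh", { overrideDefaultIgnores: true }));
try {
  listDir(resolveDirSafe, WS, "/etc");
} catch (e) {
  console.log((e as Error).message);
}
console.log(listDir(resolveDirSafe, WS, "src"));
```

The check runs after resolution on purpose: validating the raw string (for example rejecting a leading "/" or a literal "..") misses mixed forms such as "src/../../.ssh", whereas the resolved path tells you where the listing will actually happen. The ignore list is a separate, second layer; even with the boundary check in place, passing overrideDefaultIgnores still exposes dotfiles inside the workspace, which is why both controls matter.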

The impact is limited to file enumeration—an attacker can list the contents of sensitive directories such as /etc/ or ~/.ssh/, but cannot read the contents of files. This can expose system filenames and directory layouts, potentially aiding further targeted attacks. The vulnerability is classified as low severity (CVSS v3 base score 3.3) due to the requirement for local access and the lack of direct data exfiltration [1].

As of the advisory publication date, the vendor (continuedev) was contacted but did not respond. No official patch or workaround has been released. Users are advised to restrict access to the JSON-RPC server (e.g., binding only to localhost and using authentication) or to monitor for future updates that address the missing security check in lsTool [1].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0. No patches discovered yet.

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 4

News mentions: 0. No linked articles in our index yet.