CVE-2026-53535 in Activepieces
Summary
by MITRE • 07/16/2026
Activepieces is an open source AI workflow automation platform. Prior to 0.82.0, the git-sync feature clones a user-configured Git repository into a temporary directory on the server and then writes flow, table, and connection state into it before pushing back, and two separate weaknesses allowed those writes to escape the intended workspace and land on arbitrary paths on the host filesystem: Git's symbolic-link handling was not disabled on the clone, so an attacker who controlled the remote repository could include symlinks that redirected the writes, and several user-supplied identifiers used to build on-disk paths (the repository slug and the externalId of tables, flows, and connections) were not validated against directory-traversal sequences such as ../. On a self-hosted Enterprise Edition deployment, a user authorized to configure or push to a git-sync repository (holding the WRITE_PROJECT_RELEASE permission) could cause the server to overwrite files anywhere the Activepieces process user can write, which depending on host layout can be leveraged for tampering, denial of service, or remote code execution. This issue is fixed in version 0.82.0.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 07/16/2026
The vulnerability in Activepieces prior to version 0.82.0 represents a critical directory traversal flaw that stems from inadequate input validation and unsafe Git operations within the git-sync feature. This vulnerability specifically affects self-hosted Enterprise Edition deployments where users with WRITE_PROJECT_RELEASE permission can manipulate repository configurations to execute arbitrary file system operations on the host server. The core issue manifests through two interconnected weaknesses that together create a path traversal attack vector allowing attackers to escape the intended temporary workspace and write files to arbitrary locations within the host filesystem.
The technical exploitation occurs through Git's symbolic-link handling mechanism which was not properly disabled during repository cloning operations. When an attacker controls the remote repository, they can include malicious symbolic links that redirect file writes from the intended temporary directory to any location accessible by the Activepieces process user. This vulnerability is compounded by insufficient validation of user-supplied identifiers used to construct on-disk paths, particularly repository slugs and externalId values for tables, flows, and connections. These identifiers contain no sanitization against directory traversal sequences such as ../ which allows attackers to navigate outside the intended workspace boundaries.
From a cybersecurity perspective, this vulnerability directly maps to CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and CWE-345 (Insufficient Verification of Data Authenticity). The operational impact ranges from simple file tampering to potential remote code execution depending on the host system configuration and permissions granted to the Activepieces process user. Attackers with WRITE_PROJECT_RELEASE permission can leverage this vulnerability to overwrite critical system files, inject malicious code into running processes, or cause denial of service conditions by corrupting essential application components.
The attack surface is particularly concerning in enterprise environments where Activepieces might run with elevated privileges or access to sensitive data repositories. The combination of Git's symlink handling and path construction flaws creates a persistent threat that can be exploited regardless of network isolation measures. Organizations using Activepieces Enterprise Edition should immediately implement mitigations including upgrading to version 0.82.0, implementing strict repository access controls, and monitoring for unauthorized git-sync configuration changes. This vulnerability also aligns with ATT&CK technique T1059.007 (Command and Scripting Interpreter: Python) when used for remote code execution scenarios, making it a significant concern for security operations teams.
The fix implemented in version 0.82.0 addresses both root causes by disabling Git's symbolic-link handling during clone operations and implementing comprehensive validation of user-supplied identifiers against directory traversal patterns. This remediation follows industry best practices for preventing path traversal attacks and aligns with secure coding standards that require input sanitization and proper boundary enforcement in file system operations. Organizations should verify their deployment configurations to ensure the fix is properly applied and monitor for any continued attempts to exploit the previous vulnerability through unauthorized repository modifications or access control bypasses.