CVE-2026-59807 in Composio SDK
Summary
by MITRE • 07/08/2026
Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt injection to manipulate file_uploadable parameters to reference sensitive paths such as SSH private keys, causing the CLI to upload credential files to attacker-controlled storage.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 07/08/2026
The Composio SDK vulnerability represents a critical path traversal and privilege escalation flaw that undermines the security posture of applications relying on file handling capabilities. This issue affects versions prior to 02.32-beta.283 and stems from inadequate input validation within the readFileFromDisk function located in tool-file-uploads.ts. The root cause lies in the absence of a proper assertSafeFileUploadPath check that should validate file paths against known safe directories and prevent access to sensitive system locations.
The technical implementation of this vulnerability exploits a prompt injection vector where attackers can manipulate the file_uploadable parameters through crafted input sequences. This manipulation allows adversaries to reference arbitrary file paths including critical system locations such as SSH private keys located in .ssh directories or other credential storage areas. The vulnerability operates by bypassing expected security boundaries that should normally restrict file access to designated upload directories, effectively creating a path validation bypass that enables unauthorized file system traversal.
From an operational perspective, this vulnerability presents significant risk to organizations using Composio SDK for automation workflows and tool integrations. Attackers can leverage this flaw to exfiltrate sensitive credentials, configuration files, and private keys from compromised systems, potentially leading to lateral movement within networks and persistent access. The impact extends beyond immediate credential theft as these stolen files often contain authentication material that can be used to escalate privileges or compromise additional system components.
The vulnerability aligns with CWE-22 Path Traversal and CWE-73 Relative Path Traversal, representing a classic file system access control bypass scenario where proper input sanitization fails to prevent directory traversal sequences. From an adversary tactics standpoint, this vulnerability maps to ATT&CK technique T1078 Valid Accounts for privilege escalation and T1567 Exfiltration Over Web Service for data extraction. The attack chain typically involves initial access through prompt injection, followed by path manipulation to identify sensitive files, and concludes with unauthorized file reading and exfiltration.
Mitigation strategies should focus on implementing comprehensive path validation checks that enforce strict directory boundaries and prevent access to system-critical locations. Organizations must ensure all file upload and read operations include proper assertSafeFileUploadPath functions that validate paths against whitelisted directories and reject any attempts to traverse parent directories using sequences like ../ or ..\. Additionally, input sanitization should be strengthened to prevent prompt injection attacks that enable parameter manipulation. Regular security updates and patch management processes must be implemented to address such vulnerabilities promptly, as the affected versions represent a window of opportunity for attackers to exploit these path validation weaknesses in production environments.