CVE-2026-59807 in Composio SDKinfo

Summary

by MITRE • 07/08/2026

Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt injection to manipulate file_uploadable parameters to reference sensitive paths such as SSH private keys, causing the CLI to upload credential files to attacker-controlled storage.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 07/08/2026

The Composio SDK vulnerability represents a critical path traversal and privilege escalation flaw that undermines the security posture of applications relying on file handling capabilities. This issue affects versions prior to 02.32-beta.283 and stems from inadequate input validation within the readFileFromDisk function located in tool-file-uploads.ts. The root cause lies in the absence of a proper assertSafeFileUploadPath check that should validate file paths against known safe directories and prevent access to sensitive system locations.

The technical implementation of this vulnerability exploits a prompt injection vector where attackers can manipulate the file_uploadable parameters through crafted input sequences. This manipulation allows adversaries to reference arbitrary file paths including critical system locations such as SSH private keys located in .ssh directories or other credential storage areas. The vulnerability operates by bypassing expected security boundaries that should normally restrict file access to designated upload directories, effectively creating a path validation bypass that enables unauthorized file system traversal.

From an operational perspective, this vulnerability presents significant risk to organizations using Composio SDK for automation workflows and tool integrations. Attackers can leverage this flaw to exfiltrate sensitive credentials, configuration files, and private keys from compromised systems, potentially leading to lateral movement within networks and persistent access. The impact extends beyond immediate credential theft as these stolen files often contain authentication material that can be used to escalate privileges or compromise additional system components.

The vulnerability aligns with CWE-22 Path Traversal and CWE-73 Relative Path Traversal, representing a classic file system access control bypass scenario where proper input sanitization fails to prevent directory traversal sequences. From an adversary tactics standpoint, this vulnerability maps to ATT&CK technique T1078 Valid Accounts for privilege escalation and T1567 Exfiltration Over Web Service for data extraction. The attack chain typically involves initial access through prompt injection, followed by path manipulation to identify sensitive files, and concludes with unauthorized file reading and exfiltration.

Mitigation strategies should focus on implementing comprehensive path validation checks that enforce strict directory boundaries and prevent access to system-critical locations. Organizations must ensure all file upload and read operations include proper assertSafeFileUploadPath functions that validate paths against whitelisted directories and reject any attempts to traverse parent directories using sequences like ../ or ..\. Additionally, input sanitization should be strengthened to prevent prompt injection attacks that enable parameter manipulation. Regular security updates and patch management processes must be implemented to address such vulnerabilities promptly, as the affected versions represent a window of opportunity for attackers to exploit these path validation weaknesses in production environments.

Responsible

VulnCheck

Reservation

07/07/2026

Disclosure

07/08/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!