CVE Tools
Sign in

CVE-2024-5926

Path Traversal in stitionai/devika

Published: Jun 30, 2024Updated: Jul 10, 2025 Sources: CVE List NVDCWE-29
NVD MITRE
9.1CVSSCRITICAL
EPSS Score
0.9%
Top 46.2%
CISA KEV
Not in KEV
Exploits
1 Known
Remediation
No Fix Available

Description

A path traversal vulnerability in the get-project-files functionality of stitionai/devika allows attackers to read arbitrary files from the filesystem and cause a Denial of Service (DoS). This issue is present in all versions of the application. The vulnerability arises due to insufficient path sanitization for the 'project-name' parameter, enabling attackers to specify paths that traverse the filesystem. By setting 'project-name' to the root directory, an attacker can cause the application to attempt to read the entire filesystem, leading to a DoS condition.

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:UC:HI:NA:H
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:HConfidentiality
High
I:NIntegrity
None
A:HAvailability
High
Open in CVSS calculator →

Weaknesses

CWE-29

Affected Products

stitionai/devikastitionai
SaaS
AI / ML / ai-agent-tooling
devikastitionai
SaaS
AI / ML / ai-agent-tooling
stitionaicommercialAI / MLaka devika

Exploitability

1 exploit source identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details

References

https://huntr.com/bounties/19af24fe-9b90-4638-8fbc-b18def6985d7
huntr.com

Timeline

Published
Jun 30, 2024
Last Updated
Jul 10, 2025

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2024-5926 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows