CVE-2026-8770

ℹ️ low

Summary

A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Score

3.3

Low

EPSS Score

0.0

Exploit Probability

Published Date

2026-05-18

First Seen: 2026-05-18

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 2.8% of all 326,604 vulnerabilities in our database.

#317,424

Below average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: May 18, 2026

🔍 Exploitation Status

Poc

Proof-of-concept available

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

🏆 Discovered By

Eric-g (VulDB User) (reporter) VulDB CNA Team (coordinator)

SSVC data provided by CISA

Last Modified 2026-05-19

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS Vector 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE IDs (Weakness Types)

CWE-22

CVE-2026-8770

Summary

📊 Relative Risk Intelligence

🎯 CISA SSVC Assessment Updated: May 18, 2026

📦 Affected Products 1

🔗 References 4