LOW
Continue
CVE published 2026-05-18
CVE-2026-8770
CVE-2026-8770 describes a path traversal issue in the JSON-RPC Server component of continuedev continue up to 1.2.22, specifically in lsTool within core/tools/implementations/lsTool.ts. The issue is triggered by manipulation of the dirPath argument and is reported to require local access. The CVE record lists CWE-22 and a low CVSS 4.0 score of 1.9. Source material also indicates that a public exploit exis [truncated]