HIGH
EverMind-AI
CVE published 2026-07-10
CVE-2026-58499
CVE-2026-58499 is a high-severity path traversal vulnerability in EverOS, a memory runtime for agents. The vulnerability exists in the POST /api/v1/memory/add ingestion endpoint due to insufficient validation of the sender_id field, allowing an unauthenticated attacker to create or overwrite .md files outside the configured memory root. This issue is fixed in version 1.0.1. Users of EverOS, especially tho [truncated]