CVE-2026-12203 is a MEDIUM severity vulnerability in AI-Trader. The vulnerability affects the Research Export component, specifically the file /api/research/agents.csv. An attacker can exploit this vulnerability remotely, resulting in information disclosure. The CVSS score for this vulnerability is 5.5.
A path traversal vulnerability in DeepCode's SPA catch-all route allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to bypass Starlette's path normalization. The vulnerability exists in new_ui/backend/main.py through commit c991dc2. Attackers can encode slashes as %2F and dots as %2E%2E to traverse outside the FRONTEND_DIST directory, exposing sensitive fil [truncated]