PatchSiren

RAGapp CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW | RAGapp CVE | published 2026-06-28

CVE-2026-13509

A path traversal vulnerability has been discovered in RAGapp's Knowledge File Handler, specifically in the FileHandler.upload_file and FileHandler.remove_file functions located in src/ragapp/backend/controllers/files.py. This vulnerability allows remote attackers to manipulate file paths, potentially leading to unauthorized file access or modification. The exploit for this vulnerability has been publicly [truncated]