CVE-2026-42085— OpenC3 COSMOS 安全漏洞

OpenC3 COSMOS: Arbitrary write to plugins directory via path-traversed config filenames

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the save_tool_config() function that allows saving tool configuration files at arbitrary locations inside the shared /plugins directory tree by supplying crafted configuration filenames. Although the implementation sufficiently mitigates standard path traversal attacks, by canonicalizing filename to an absolute path, all plugins share this same root directory. That enables users to create arbitrary file structures and overwrite existing configuration files within the shared /plugins directory. This issue has been patched in versions 6.10.5 and 7.0.0-rc3.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

相对路径遍历

OpenC3 COSMOS 安全漏洞

OpenC3 COSMOS是OpenC3开源的一个应用程序。 OpenC3 COSMOS 6.10.5之前版本和7.0.0-rc3之前版本存在安全漏洞，该漏洞源于save_tool_config函数存在设计缺陷，允许通过提供特制配置文件名在共享插件目录树中任意位置保存工具配置文件，可能导致用户创建任意文件结构并覆盖现有配置文件。

N/A

N/A