cvedb.io
CVE-2026-8770
LOW · CVSS 3.3
EPSS exploitation probability: 0%
Published 2026-05-18T00:16:37.343 · Last modified 2026-06-17T11:04:26.333

Summary

A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products

continue — continue

Does this affect you?

Add your gear to cvedb and we'll alert you only when continue ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.