Intel

AIKIDO-2026-736664

banks is vulnerable to Path Traversal

Path Traversal Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Today

59

Medium Risk

This Affects:

PYTHONbanks
0.6.0 - 2.4.4
Fixed in 2.4.5
Are you affected? Scan for Free

TL;DR

The DirectoryPromptRegistry in banks builds prompt file paths by interpolating the prompt name and version directly into a filesystem path without validation. Calling set() with a name or version that contains an absolute path or .. segments writes the prompt file outside the registry root, and loading a crafted index.json reconstructs stored paths the same unsafe way. An attacker who can influence stored prompt names, versions, or the on-disk index can write or overwrite files outside the intended directory. The fix adds _resolve_prompt_file(), which rejects absolute and dot-segment names and versions and enforces that the resolved path stays within the registry root.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your application passes untrusted prompt names, versions, or index data to DirectoryPromptRegistry.

Background info

banks is vulnerable to Path Traversal in versions 0.6.0 - 2.4.4.

How to fix this

Upgrade the banks library to the patch version.