Path Traversal and File Write Vulnerability in ByteDance DeerFlow
CVE-2026-40518

7.1HIGH

Key Information:

Vendor: Bytedance
Status: Deer-flow
Vendor: CVE Published:; 17 April 2026

What is CVE-2026-40518?

A security flaw exists in ByteDance DeerFlow versions prior to commit 2176b2b, where the creation of custom-agents in bootstrap mode fails to properly validate agent names. This weakness allows an attacker to introduce traversal patterns or absolute paths in the agent name, enabling the potential to create directories and write files outside of the designated custom-agent directory. As a result, this vulnerability could allow unauthorized access to the filesystem, contingent on existing file system permissions.

Affected Version(s)

deer-flow 0 < 2176b2bbfccfce25ceee08318813f96d843a13fd

References

https://github.com/bytedance/deer-flow/pull/2274

issue-tracking

https://github.com/bytedance/deer-flow/commit/2176b2bbfcc...

patch

https://www.vulncheck.com/advisories/bytedance-deerflow-p...

third-party-advisory

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2026
Vulnerability Reserved
Apr 13, 2026

Credit

Chia Min Jun Lennon

CVE-2026-40518 Data

JSON

Bytedance

What is CVE-2026-40518?

Affected Version(s)

References

CVSS V4

Timeline

Credit