CVE-2026-42078

CVE-2026-42078 is a medium-severity path traversal vulnerability in pptagent (pip), affecting versions < 1.1.36. It is fixed in 1.1.36.

Summary

The markdown_table_to_image tool accepts a caller-controlled path parameter and passes it directly to get_html_table_image:

# pptagent/mcp_server.py:127-143
def markdown_table_to_image(markdown_table: str, path: str, css: str) -> str:
    """
    Args:
        path (str): The file path where the image will be saved
    """
    html = markdown_to_html(markdown_table)
    get_html_table_image(html, path, css)           # ← no path validation
    return f"Markdown table converted to image and saved to {path}"

# pptagent/utils.py:337-366
def get_html_table_image(html: str, output_path: str, css: str = None):
    parent_dir, base_name = os.path.split(output_path)
    if parent_dir and not os.path.exists(parent_dir):
        os.makedirs(parent_dir)                     # ← creates arbitrary directories
    hti = Html2Image(...)
    hti.screenshot(
        html_str=html,
        css_str=css,
        save_as=base_name,                          # ← writes image to any directory
        size=(1000, 600),
    )

os.makedirs(parent_dir) creates arbitrary directory trees, and Html2Image.screenshot writes the rendered image to parent_dir/base_name. Unlike download_file in the same project, there is no is_relative_to(workspace) guard, so any path the caller supplies, absolute or containing "..", is used as given. The same is_relative_to(workspace) guard used by download_file fixes this behaviour.
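The guard described above, written out as an added example (not pptagent's own code): the caller-supplied path is joined to a workspace root, resolved, and rejected unless it stays inside that root. The WORKSPACE location and the function names are assumptions for this example.

```python
from pathlib import Path

# Constructed workspace root for this example; pptagent's real workspace
# setting is not shown on the page and is assumed here.
WORKSPACE = Path("/tmp/pptagent_workspace")


def safe_output_path(workspace: Path, requested: str) -> Path:
    """Resolve a caller-supplied output path and confirm it stays inside workspace.

    Raises ValueError for absolute paths, '..' escapes, symlink escapes and
    an empty path, mirroring the is_relative_to(workspace) guard the advisory
    describes for download_file.
    """
    root = workspace.resolve()
    # Join relative to the workspace first. An absolute `requested` would
    # otherwise replace the root entirely: Path('/a') / '/etc' == Path('/etc').
    candidate = (root / requested).resolve()
    if candidate == root or not candidate.is_relative_to(root):
        raise ValueError(f"output path escapes workspace: {requested!r}")
    return candidate


def is_within_workspace(workspace: Path, requested: str) -> bool:
    """Boolean form of the same check, convenient for logging or tests."""
    try:
        safe_output_path(workspace, requested)
    except ValueError:
        return False
    return True


def get_html_table_image_safe(html: str, output_path: str,
                              workspace: Path = WORKSPACE) -> Path:
    """Hardened counterpart of the vulnerable get_html_table_image (path
    handling only; the Html2Image screenshot call is omitted here)."""
    target = safe_output_path(workspace, output_path)
    # Directories are created only after the path has been validated.
    target.parent.mkdir(parents=True, exist_ok=True)
    # html2image would write target.name into target.parent at this point.
    return target
```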

The concrete attack scenarios include:

  • SSH key replacement: path = "/home/user/.ssh/authorized_keys" replaces the authorized_keys file with an image binary (this breaks SSH, but the image could be crafted with a specific PNG/JPEG payload).
  • Web shell: path = "/var/www/html/uploads/shell.php" writes the rendered PNG there; the file has a .php extension but PNG content, and combined with Apache Options +MultiViews or a file-include vulnerability this could be dangerous.
  • Directory creation oracle: path = "/root/test/probe.png"; if the directory is created, this confirms the target path exists, and if it errors, the error reveals permissions information.

Impact

Input manipulates file paths to reach files outside the intended directory, such as configuration or credential files. Typical impact: unauthorized file read or write outside the intended directory.

CVE-2026-42078 has a CVSS score of 4.6 (Medium). The vector is network-reachable, with low privileges required and user interaction required. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (1.1.36); upgrading removes the vulnerable code path.

Affected versions

pptagent (< 1.1.36)

Security releases

pptagent → 1.1.36 (pip)

Kodem intelligence

Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.

Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.


Remediation advice

Upgrade pptagent to 1.1.36 or later to resolve this vulnerability.

Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.

Frequently Asked Questions

  1. What is CVE-2026-42078? CVE-2026-42078 is a medium-severity path traversal vulnerability in pptagent (pip), affecting versions < 1.1.36. It is fixed in 1.1.36. Input manipulates file paths to reach files outside the intended directory, such as configuration or credential files.
  2. How severe is CVE-2026-42078? CVE-2026-42078 has a CVSS score of 4.6 (Medium). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
  3. Which versions of pptagent are affected by CVE-2026-42078? pptagent (pip) versions < 1.1.36 are affected.
  4. Is there a fix for CVE-2026-42078? Yes. CVE-2026-42078 is fixed in 1.1.36. Upgrade to this version or later.
  5. Is CVE-2026-42078 exploitable, and should I be worried? Whether CVE-2026-42078 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk.
  6. What actually determines whether CVE-2026-42078 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
  7. How do I fix CVE-2026-42078? Upgrade pptagent to 1.1.36 or later.

Other vulnerabilities in pptagent

CVE-2026-42080
CVE-2026-42079
