Vulnerabilities ›

CVE-2026-7784

High

CWE-22 — Weakness Type

                    Published: May 5, 2026                      ·  Modified: May 11, 2026                      ·  Source: NVD                

CVSS v3

7.3

🔗 NVD Official

📄 Description (English)

A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

🤖 AI Executive Summary

CVE-2026-7784 is a path traversal vulnerability in RTGS2017 NagaAgent up to version 5.1.0 affecting the Skills Endpoint. An attacker can manipulate the 'Name' argument to traverse the file system and access unauthorized files remotely. With a CVSS score of 7.3 and public exploit disclosure, this poses a significant risk to organizations using vulnerable versions, particularly those in financial and critical infrastructure sectors.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 8, 2026 19:17

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability poses critical risk to Saudi financial institutions using RTGS2017 NagaAgent, particularly SAMA-regulated banks and payment processors. The path traversal could expose sensitive financial data, transaction records, and system configurations. Government agencies managing critical infrastructure and healthcare organizations using this component are also at elevated risk. The lack of available patches creates immediate operational risk for affected entities.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Healthcare Energy and Utilities Telecommunications Critical Infrastructure

🎯 MITRE ATT&CK Techniques

T1083 - File and Directory Discovery T1005 - Data from Local System T1190 - Exploit Public-Facing Application T1552 - Unsecured Credentials

⚖️ Saudi Risk Score (AI)

8.2

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all systems running RTGS2017 NagaAgent versions up to 5.1.0 across your infrastructure

2. Isolate affected systems from production networks if possible, or implement network segmentation

3. Monitor access logs for suspicious file access patterns and path traversal attempts

4. Restrict network access to the Skills Endpoint to trusted sources only



COMPENSATING CONTROLS (until patch available):

5. Implement Web Application Firewall (WAF) rules to block path traversal patterns (../, ..\ sequences)

6. Apply input validation and sanitization on the 'Name' parameter - whitelist allowed characters

7. Run the application with minimal file system permissions and restricted user privileges

8. Disable the Skills Endpoint if not actively required



DETECTION:

9. Monitor for requests containing: ../, ..\ , %2e%2e, encoded traversal sequences

10. Alert on file access attempts outside expected application directories

11. Review apiserver/routes/extensions.py logs for suspicious Name parameter values

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع الأنظمة التي تقوم بتشغيل RTGS2017 NagaAgent الإصدارات حتى 5.1.0 عبر البنية التحتية الخاصة بك

2. عزل الأنظمة المتأثرة عن شبكات الإنتاج إن أمكن، أو تطبيق تقسيم الشبكة

3. مراقبة سجلات الوصول للأنماط المريبة ومحاولات اجتياز المسار

4. تقييد الوصول إلى نقطة نهاية المهارات للمصادر الموثوقة فقط



الضوابط التعويضية (حتى توفر التصحيح):

5. تطبيق قواعد جدار حماية تطبيقات الويب لحجب أنماط اجتياز المسار

6. تطبيق التحقق من صحة المدخلات على معامل 'Name' - قائمة بيضاء للأحرف المسموحة

7. تشغيل التطبيق بأقل صلاحيات نظام الملفات والامتيازات المقيدة

8. تعطيل نقطة نهاية المهارات إذا لم تكن مطلوبة بنشاط



الكشف:

9. مراقبة الطلبات التي تحتوي على: ../ و ..\ والتسلسلات المشفرة

10. تنبيه محاولات الوصول إلى الملفات خارج الدلائل المتوقعة

11. مراجعة سجلات apiserver/routes/extensions.py لقيم معامل Name المريبة

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.5.1.1 - Access Control Policies ECC 2024 A.5.2.1 - User Registration and Access Rights Management ECC 2024 A.6.1.1 - Information Security Policies ECC 2024 A.12.2.1 - Change Management

🔵 SAMA CSF

SAMA CSF ID.AM-2 - Software and Hardware Inventory SAMA CSF PR.AC-1 - Access Control SAMA CSF PR.AC-3 - Access Enforcement SAMA CSF DE.CM-1 - System Monitoring

🟡 ISO 27001:2022

ISO 27001:2022 A.5.15 - Access Control ISO 27001:2022 A.5.16 - Identification and Authentication ISO 27001:2022 A.8.1 - User Endpoint Devices ISO 27001:2022 A.8.22 - Monitoring

🟣 PCI DSS v4.0.1

PCI DSS 1.1 - Firewall Configuration Standards PCI DSS 6.2 - Security Patches PCI DSS 10.2 - Logging and Monitoring

🔗 References & Sources 5

🔗

https://github.com/RTGS2017/NagaAgent/

cna@vuldb.com

🔗

https://github.com/RTGS2017/NagaAgent/issues/311

cna@vuldb.com

🔗

https://vuldb.com/submit/807744

cna@vuldb.com

🔗

https://vuldb.com/vuln/360981

cna@vuldb.com

🔗

https://vuldb.com/vuln/360981/cti

cna@vuldb.com

📊 CVSS Score

7.3

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity High

CVSS Score7.3

CWECWE-22

EPSS0.02%

Exploit No

Patch ✗ No

Published 2026-05-05

Source Feed nvd

🇸🇦 Saudi Risk Score

8.2

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

CWE-22

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-7784

💬 Comments

Introduce Yourself

Sign In Required