A vulnerability categorized as problematic has been discovered in OpenBMB XAgent up to 1.0.0. Affected by this issue is the function
File of the file XAgent/XAgentServer/application/routers/workspace.py of the component Workspace. Executing a manipulation of the argument filename can lead to path traversal.
This vulnerability appears as CVE-2026-26396. The attack may be performed from remote. There is no available exploit.