A vulnerability described as critical has been identified in ComposioHQ Composio SDK up to 0.2.32-beta.282. This impacts the function readFileFromDisk of the file tool-file-uploads.ts of the component File Upload. Executing a manipulation of the argument file_uploadable can lead to unrestricted upload.

This vulnerability is registered as CVE-2026-59807. It is possible to launch the attack remotely. No exploit is available.