🟡 [MEDIUM] CB-013: CWD-Based Config Loading Allows Config Injection #22

New issue

Open

opened 2026-02-20 08:50:04 +00:00 by Alpha · 0 comments

Alpha commented 2026-02-20 08:50:04 +00:00

Copy link

Security Finding from Audit

Parent issue: #1

Severity

MEDIUM 🟡

CVSS Score

N/A

CWE

CWE-427 (Uncontrolled Search Path Element)

Location

config/plugin.py, _load_config_file()

---

Description

Configuration is loaded from the current working directory (Path("cobot.yml")), which takes precedence over the home config.

If the agent is started from a directory writable by other users (e.g., /tmp), an attacker can plant a malicious config file that disables security, redirects the LLM to a malicious endpoint, or enables unrestricted exec.

---

Recommendation

Warn if loading config from a world-writable directory. Validate config file ownership and permissions.

---

From: Cobot Whitebox Security Audit (February 14, 2026)
Finding ID: CB-013

## Security Finding from Audit > Parent issue: #1 ### Severity **MEDIUM** 🟡 ### CVSS Score N/A ### CWE CWE-427 (Uncontrolled Search Path Element) ### Location `config/plugin.py, _load_config_file()` --- ### Description Configuration is loaded from the current working directory (`Path("cobot.yml")`), which takes precedence over the home config. If the agent is started from a directory writable by other users (e.g., `/tmp`), an attacker can plant a malicious config file that disables security, redirects the LLM to a malicious endpoint, or enables unrestricted exec. --- ### Recommendation Warn if loading config from a world-writable directory. Validate config file ownership and permissions. --- *From: Cobot Whitebox Security Audit (February 14, 2026)* *Finding ID: CB-013*

Alpha referenced this issue 2026-02-20 08:50:41 +00:00

Security Audit Report: 21 Findings (4 Critical, 5 High) #1

doxios added the

Kind/Security

Priority

Medium

labels 2026-02-20 10:34:41 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

fix/filedrop-error-handling

feat/communication-events

kn/web-plugin-v2-product-brief

feature/telegram-lurker

docs/prd-plugin-dependency-tree

feature/interaction-ledger-merged

fix/headless-mode

feature/dockerization

fix/filedrop-malformed-json

docs/product-brief

docs/prd

docs/bmad-brownfield-scan

release/v0.2.0

feat/176-workspace-location

fix/174-exec-cwd

fix/deploy-v2

test/init-integration

fix/deploy-command

fix/graceful-plugin-discovery

feat/trust-plugin

fix/identity-and-wake

fix/forgejo-ci-workflow

fix/test-alpha-script

fix/filedrop-reply-to-sender

fix/filedrop-reply-logging

feature/openai-compat

fix/99-telegram-pairing-passthrough

fix/deploy-chown

chore/retrigger-deploy-2

fix/retrigger-deploy

feat/integration-tests

feat/deploy-workspace-context

fix/alpha-deploy-bugs

fix/deploy-known-hosts

fix/deploy-workflow-v2

test/deploy-ci-verification

fix/deploy-workflow-simplify

fix/trigger-deploy-test

fix/add-deploy-script

fix/deploy-runner-label

fix/deploy-debug

fix/deploy-host-fingerprint

feature/auto-deploy

fix-97

story-109

fix/97-run-sync-typo

story-108

story-107

story-106

story-105

story-103

feat/colored-logs

story-80

fix/antipattern-cleanup

story-75

story-69

story-70

story-62

story-61

story-60

feature/scheduled-execution

feature/knowledge-plugin

k9ert-patch-4

k9ert-patch-3

k9ert-patch-2

k9ert-patch-1

v0.2.0-rc.1

v0.1.0

Labels

Clear labels   

Compat/Breaking

Breaking change that won't be backward compatible

  

Kind/Bug

Something is not working

  

Kind/Competitor

Anything we found interesting at competitory

  

Kind/Documentation

Documentation changes

  

Kind/Enhancement

Improve existing functionality

  

Kind/Epic

Business requirement — groups related stories

  

Kind/Feature

New functionality

  

Kind/Security

This is security issue

  

Kind/Story

Implementable unit with AC — results in a PR

  

Kind/Testing

Issue or pull request related to testing

  

Priority

Critical

The priority is critical

  

Priority

High

The priority is high

  

Priority

Low

The priority is low

  

Priority

Medium

The priority is medium

  

Reviewed

Confirmed

Issue has been confirmed

  

Reviewed

Duplicate

This issue or pull request already exists

  

Reviewed

Invalid

Invalid issue

  

Reviewed

Won't Fix

This issue won't be fixed

  

Scope/Core

Changes to core non-plugin code (CLI, config loading, etc.).

  

Scope/Cross-Plugin

Touches multiple existing plugins. Needs extra scrutiny, may require a PRD.

  

Scope/Plugin-System

Changes to plugin infrastructure (base.py, registry.py, interfaces.py, __init__.py, agent.py plugin dispatch). PRD required before merge.

  

Scope/Single-Plugin

Changes contained to one plugin (or adds one new plugin). Standard review.

  

Status

Abandoned

Somebody has started to work on this but abandoned work

  

Status

Blocked

Something is blocking this issue or pull request

  

Status

Need More Info

Feedback is required to reproduce issue or to continue work

No labels

Compat/Breaking

Kind/Bug

Kind/Competitor

Kind/Documentation

Kind/Enhancement

Kind/Epic

Kind/Feature

Kind/Security

Kind/Story

Kind/Testing

Priority

Critical

Priority

High

Priority

Low

Priority

Medium

Reviewed

Confirmed

Reviewed

Duplicate

Reviewed

Invalid

Reviewed

Won't Fix

Scope/Core

Scope/Cross-Plugin

Scope/Plugin-System

Scope/Single-Plugin

Status

Abandoned

Status

Blocked

Status

Need More Info

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

ultanio/cobot#22

No description provided.