Human
Machine
REPRO-2026-00070 HIGH RCE
Verified
wlc: Path traversal via unsanitized API slugs in download command
wlc (pip) Jan 17, 2026
What's the vulnerability?
Multi-translation download could write to an arbitrary location when instructed by a crafted server.
Root Cause Analysis
One Command
Verify with pruva-verify
Run the Pruva CLI to automatically fetch and execute the reproduction script.
pruva-verify REPRO-2026-00070 or
pruva-verify GHSA-mmwx-79f6-67jg or
pruva-verify CVE-2026-23535 Install:
curl -fsSL https://pruva.dev/install.sh | sh Or Run Manually
1
Download the script
curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00070/artifacts/repro/reproduction_steps.sh 2
Make executable
chmod +x reproduction_steps.sh 3
Run the script
./reproduction_steps.sh Run in a VM, container, or disposable environment. This exploits a real vulnerability.
How Pruva Reproduced This
Watch the AI agent's step-by-step process.
Loading session...