Jun 18, 2026
A path traversal vulnerability in BBOT's postman_download module allows remote attackers to execute arbitrary file writes using crafted Postman workspace names.
CVE-2026-12568 is a path traversal vulnerability (CWE-22) in the postman_download module of BBOT (Babbage Border Obsession Tool) versions 2.1.0 through 2.8.5. The vulnerability allows an attacker to perform arbitrary file writes on the local machine running the BBOT scan via a maliciously named remote Postman workspace.
The Babbage Border Obsession Tool (BBOT) is an open-source active scanning and intelligence gathering framework developed by Black Lantern Security. It is extensively utilized by threat intelligence analysts, penetration testers, and security engineers for comprehensive attack surface management and OSINT reconnaissance. The tool operates via a modular architecture, enabling users to execute distinct plugins that interact with various network endpoints, APIs, and file systems to collect and organize footprinting data.
One such component is the postman_download module, which automates the retrieval of environments and workspaces from the Postman API for offline storage and parsing. During scanning operations, this module establishes network communication with the remote Postman endpoint to sync assets. To maintain readability and order on the host filesystem, the module attempts to mirror the workspace structures by dynamically creating folders using metadata properties extracted from the remote workspace objects.
The critical security boundary in this architectural design is the implicit trust placed on the metadata retrieved from external APIs. Because Postman workspaces can be created and managed by third parties, any data retrieved from the remote API must be categorized as untrusted input. In affected versions of BBOT ranging from 2.1.0 to 2.8.5, the local output folder calculation was executed without pathname neutralization. This design flaw exposes the local system to directory traversal attacks when interacting with maliciously named workspaces.
The vulnerability is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and stems from inadequate validation of the workspace name before disk write operations. The vulnerability is located within the save_workspace method of the postman_download module. Upon retrieving workspace details from the Postman API, the framework attempts to dynamically generate a dedicated folder name on the host system to house the resulting configuration files.
To construct this path, BBOT utilizes Python's pathlib.Path class and relies on the division operator (/) to concatenate the base output directory (self.output_dir) with the remote workspace name variable. While pathlib offers robust abstract filesystem operations, it does not validate that a generated path remains relative to the parent directory unless specifically instructed to do so. When a workspace name contains traversal sequences such as ../../, path resolution walks backward up the directory hierarchy, discarding previous path elements.
This behavior means that an attacker who controls the workspace name can force the final path to resolve completely outside the intended destination directory. When the application proceeds to execute directory creation via self.helpers.mkdir(folder) or writes files via self.add_json_to_zip(), it writes files directly to the traversed paths. The lack of any validation of the relative path segments before performing these actions represents the core architectural failure of the vulnerable module.
A deep analysis of the patch introduced in commit 36bc20818206a59f6d430e905248f85c439e5397 illustrates the transition from unsafe path handling to a secure validation model. In the vulnerable version, the save_workspace function processed the workspace name directly from the JSON dictionary without sanitization, leading directly to the directory traversal weakness. The vulnerable code pattern simply assigned folder = self.output_dir / name and created the directory structure without checking boundaries.
To address this, the security patch introduces a multi-layered defense. First, it sanitizes the workspace name by routing it through the self.helpers.tagify() function. This helper replaces or strips characters that represent filesystem delimiters or special sequences, neutralizing obvious path manipulation attempts. Second, the patch introduces a strict canonical boundary check using absolute path resolution:
```python
safe_name = self.helpers.tagify(name)
folder = self.output_dir / safe_name
if not folder.resolve().is_relative_to(self.output_dir.resolve()):
    self.warning(f"Workspace name {name!r} resulted in path traversal, skipping")
    return None
```

The implementation of .resolve() converts the path into an absolute canonical path, fully evaluating symbolic links and resolving relative references. The is_relative_to() method then explicitly verifies that the resolved target directory is a descendant of the resolved output directory. If this condition is not met, execution is aborted, and a warning is logged. This same sanitization process was applied downstream to collections to prevent identical attacks via collection_name parameters.
[Figure: logic flow of the secure validation process implemented in the patch]
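The following is an added, self-contained example (not code from the BBOT project or the advisory) that places the pre-patch path construction beside the patched pattern and exercises both against constructed workspace names in a throwaway directory. `tagify_stand_in()` is an assumed approximation of BBOT's `self.helpers.tagify()`, not the real helper; `vulnerable_folder()`, `hardened_folder()`, `escapes()` and `run_demo()` are names chosen here. The symlink case goes beyond the advisory's `../` scenario to show why the `resolve()` boundary check matters even after sanitization.

```python
"""Vulnerable vs. hardened output-path construction for a downloaded workspace."""
import re
import tempfile
from pathlib import Path
from typing import Optional


def tagify_stand_in(name: str) -> str:
    """Stand-in for BBOT's self.helpers.tagify() (assumed behaviour, not the
    real helper): lowercase, collapse every run of characters other than
    a-z, 0-9 and '_' into a single '-', and trim hyphens from the ends."""
    tag = re.sub(r"[^a-z0-9_]+", "-", name.lower()).strip("-")
    return tag or "unnamed"


def vulnerable_folder(output_dir: Path, name: str) -> Path:
    """Pre-patch pattern: folder = self.output_dir / name, with no checks.
    pathlib does not collapse '..', and an absolute right-hand operand
    replaces the left-hand base entirely."""
    return output_dir / name


def hardened_folder(output_dir: Path, name: str) -> Optional[Path]:
    """Patched pattern: sanitize the name, then require the canonical folder
    to lie under the canonical output directory. Returns None to signal
    'skip this workspace', mirroring the patch's early return."""
    safe_name = tagify_stand_in(name)
    folder = output_dir / safe_name
    if not folder.resolve().is_relative_to(output_dir.resolve()):
        print(f"Workspace name {name!r} resulted in path traversal, skipping")
        return None
    return folder


def escapes(output_dir: Path, folder: Path) -> bool:
    """True when the resolved folder lies outside the resolved output dir."""
    return not folder.resolve().is_relative_to(output_dir.resolve())


def run_demo() -> dict:
    """Exercise both patterns in a throwaway directory and return the
    outcomes keyed by the constructed workspace name. Folders are reported
    relative to the output directory so the result is stable across runs."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        out = base / "scan-output"
        out.mkdir()
        # Constructed sample names: benign, relative traversal, absolute path.
        for name in ["Engineering Team", "../../../../tmp/evil", "/tmp/evil"]:
            hardened = hardened_folder(out, name)
            results[name] = {
                "vulnerable_escapes": escapes(out, vulnerable_folder(out, name)),
                "hardened": None if hardened is None else str(hardened.relative_to(out)),
            }
        # A symlink planted inside the output tree: the sanitized name looks
        # harmless, so only the resolve() boundary check catches this one.
        outside = base / "outside"
        outside.mkdir()
        try:
            (out / "linked").symlink_to(outside)
            hardened = hardened_folder(out, "linked")
            results["linked"] = {
                "vulnerable_escapes": escapes(out, vulnerable_folder(out, "linked")),
                "hardened": None if hardened is None else str(hardened.relative_to(out)),
            }
        except OSError:
            results["linked"] = {"vulnerable_escapes": None, "hardened": "symlink-unsupported"}
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name!r}: {outcome}")
```

Note that `Path.is_relative_to()` exists only from Python 3.9 onward; a backport for older interpreters can compare `str(folder.resolve())` against `str(output_dir.resolve()) + os.sep`. Checking the resolved path on both sides is what neutralizes a symlink that a name-level filter cannot see.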
Exploiting CVE-2026-12568 requires a specific chain of events involving an attacker-controlled workspace and user interaction from the scanning operator. The primary vector involves an attacker setting up a Postman workspace specifically for exploitation. By naming this workspace with a crafted relative path, such as ../../../../../../../../tmp/, the attacker pre-stages the path traversal payload.
The attack is triggered when a security researcher or automated scanner initiates a BBOT scan that invokes the postman_download module against the compromised Postman account or a public workspace containing the payload. Once the scan is executed, the tool queries the Postman API, parses the malicious workspace structure, and processes the crafted workspace name. Because the application evaluates the path directly, the output destination shifts from the local BBOT workspace to the directory specified by the traversal sequence.
As the module continues execution, it attempts to write the configuration to disk. This results in the creation of a zip file and the writing of a JSON configuration file, such as [workspace_name].postman_workspace.json, in the traversed directory. Because the written file is constrained to the .json extension, the attacker cannot write raw binary executables directly; however, the ability to write structured JSON files to arbitrary directories presents severe risks in systems with automated configuration loaders or active monitoring systems.
The security impact of CVE-2026-12568 is evaluated as Medium, with an official CVSS v3.1 score of 6.5. This score reflects that while the arbitrary file write capability is severe, the exploit relies on user interaction, and the output file format is restricted to structured JSON data. Nevertheless, in high-security environments or automated orchestration pipelines, this limitation does not prevent significant downstream compromise.
For example, if the BBOT framework is executed with root or administrative privileges, an attacker can traverse to system-wide configuration paths or directories monitored by other critical services. Overwriting existing application settings, injecting malicious profiles into automated deployment folders, or modifying startup configurations can allow an attacker to transition from a file write to complete system control. In multi-tenant environments, this flaw can also be utilized to overwrite shared workspaces, leading to privilege escalation.
At present, the vulnerability has an EPSS score of 0.00251, indicating a low immediate probability of active exploitation in wild environments. However, the lack of widespread public exploit kits should not be interpreted as a lack of risk. Organizations utilizing automated threat intelligence feeds or running routine reconnaissance scans against external API resources should prioritize remediating this flaw to secure their internal scanning nodes.
Remediation of CVE-2026-12568 requires updating BBOT installations to a version strictly greater than 2.8.5. For environments where dependencies are frozen or immediate upgrades are blocked by operational controls, administrators can manually implement the security patch inside the postman_download.py module. It is essential to replicate both the tagify sanitization and the canonical resolve() path comparison to ensure comprehensive protection against variant path traversal payloads.
Detecting exploitation attempts requires active log analysis and file integrity monitoring. The patched module outputs a distinctive warning message resulted in path traversal, skipping when it identifies a traversal sequence. Security Operations Centers (SOCs) should ingest BBOT execution logs into their SIEM platforms and configure correlation rules to trigger immediate alerts upon observing this signature.
Furthermore, host-level detection can be implemented using audit subsystems such as Linux auditd. By monitoring file system write events originating from the BBOT process, administrators can detect any abnormal attempts to write outside the standard output directory tree. Implementing strict segregation of privileges—such as running BBOT within an unprivileged container or under a dedicated service account with highly restricted write permissions—limits the potential damage of any exploitation attempts.
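As an added example (not part of the advisory or the BBOT project), the snippet below implements the two detections described above: matching the patched module's warning signature in scan logs, and flagging written paths that resolve outside the expected output tree, as an audit-record consumer would. The log line prefix format, the `SAMPLE_LOG` and `SAMPLE_WRITES` inputs, and the function names `traversal_alerts()` and `writes_outside()` are all constructed here; only the warning message text comes from the patch.

```python
"""Detection helpers for the post-patch warning and for out-of-tree writes."""
import re
from pathlib import Path
from typing import Dict, List, Union

# Signature emitted by the patched save_workspace() (message text from the patch).
TRAVERSAL_SIGNATURE = re.compile(
    r"Workspace name (?P<name>.+?) resulted in path traversal, skipping"
)

# Constructed sample log lines; the "[LEVEL] module:" prefix is assumed, not BBOT's exact format.
SAMPLE_LOG = """\
[INFO] postman_download: Fetching workspaces for profile 'acme'
[WARN] postman_download: Workspace name '../../../../../../../../tmp/' resulted in path traversal, skipping
[INFO] postman_download: Saved workspace 'Engineering Team'
[WARN] postman_download: Workspace name 'linked' resulted in path traversal, skipping
[INFO] postman_download: Done
"""

# Constructed sample of paths a scanner process wrote (as an audit record feed would report them).
SAMPLE_WRITES = [
    "/var/lib/bbot/scans/acme/postman/engineering-team/Engineering Team.postman_workspace.json",
    "/var/lib/bbot/scans/acme/postman/../../../../../tmp/evil.postman_workspace.json",
]


def traversal_alerts(log_text: str) -> List[Dict[str, Union[int, str]]]:
    """Return one alert record per log line carrying the patch's warning
    signature, with the offending workspace name extracted for the analyst."""
    alerts = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = TRAVERSAL_SIGNATURE.search(line)
        if m:
            alerts.append({"line": lineno, "workspace_name": m.group("name"), "raw": line.strip()})
    return alerts


def writes_outside(output_dir: str, written_paths: List[str]) -> List[str]:
    """Host-level check: given paths the scanner process wrote, return those
    whose canonical form falls outside the expected output tree."""
    base = Path(output_dir).resolve()
    return [p for p in written_paths if not Path(p).resolve().is_relative_to(base)]


if __name__ == "__main__":
    for alert in traversal_alerts(SAMPLE_LOG):
        print(f"line {alert['line']}: blocked workspace {alert['workspace_name']}")
    for path in writes_outside("/var/lib/bbot/scans/acme", SAMPLE_WRITES):
        print(f"write outside output tree: {path}")
```

The signature match only fires on a patched module; on an unpatched node the warning is never emitted, so the write-path check is the detection that still works there, which is why both belong in the rule set.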
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

| Product | Affected Versions | Fixed Version |
|---|---|---|
| BBOT (Black Lantern Security) | >= 2.1.0, <= 2.8.5 | 2.8.6 |

| Attribute | Detail |
|---|---|
| CWE ID | CWE-22 |
| Attack Vector | Network (AV:N) |
| CVSS Score | 6.5 |
| EPSS Score | 0.00251 (Percentile: 16.15%) |
| Impact | Arbitrary File Write |
| Exploit Status | None |
| KEV Status | Not Listed |
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CVE-2026-12565 is a medium-severity path traversal (Zip-Slip) vulnerability within the internal unarchive module of the BBOT (Black Lantern Security) OSINT framework. The vulnerability exists due to a failure to validate target paths before extracting archives using host-level command-line utilities. This allows remote, unauthenticated attackers to write arbitrary files outside of the target extraction folder on environments running legacy versions of GNU tar.
A Server-Side Request Forgery (SSRF) vulnerability exists in the docker_pull module of Black Lantern Security BBOT. By returning a maliciously crafted WWW-Authenticate header from a rogue Docker registry or executing a Man-in-the-Middle (MitM) attack, an attacker can coerce the BBOT scanner into making arbitrary HTTP requests to internal system services or external infrastructure, potentially disclosing sensitive authorization tokens and host metadata.
The github_workflows module in BBOT (Black Lantern Security OSINT framework) versions 2.0.0 through 2.8.4 constructs local directory paths from user-controlled repository and owner names without validating for symbolic links. A local attacker sharing the scan directory can pre-plant a symlink at the predictable output path, forcing BBOT to write downloaded workflow artifacts or run logs to an arbitrary location on the filesystem.
An unauthenticated remote memory exhaustion vulnerability in the JLine3 Telnet server allows attackers to crash the host Java Virtual Machine (JVM). The flaw exists in the processing of the NEW-ENVIRON option, where the server accepts an arbitrary number of environment variables without limits, storing them in an unconstrained HashMap. Sending as little as 3.25 MB of payload data can exhaust a standard JVM heap and trigger an OutOfMemoryError. This vulnerability affects applications integrating the remote-telnet module of JLine3.
CVE-2026-49975 describes a high-severity remote Denial of Service (DoS) vulnerability in the Apache HTTP Server's mod_http2 module. Unauthenticated attackers can exploit the HPACK compression and cookie-merging behavior to trigger severe, quadratic memory allocation. This resource exhaustion is maintained by manipulating the HTTP/2 flow-control window, ultimately forcing an Out-of-Memory condition on the server host.
CVE-2026-5038 is a critical denial of service vulnerability in the Node.js Multer middleware. When utilizing the diskStorage engine, connection termination or validation failures leave partial files orphaned on the local filesystem due to stream-destruction signal propagation failures in Node's piping mechanism. Remote unauthenticated attackers can exploit this to fill server disks and induce system crashes.