CVE-2026-7400 in filesystem-mcp-serverالمعلومات

الملخص

بحسب MITRE • 29/04/2026

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is_path_allowed of the file server.py of the component read_file_tool/write_file_tool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.1.0 is capable of addressing this issue. The name of the patch is 45364545fc60dc80aadcd4379f08042d3d3d292e. Upgrading the affected component is advised.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

VulDB

إفشاء

29/04/2026

الاعتدال

تمت الموافقة

إدخال

VDB-360123

CPE

جاهز

CWE

CWE-22 (مؤكد)

استغلال

تحميل

CVSS

7.3 (VulDB)

EPSS

0.00073

KEV

لا

النشاطات

منخفض جدًا

القطاع

Chemical, Police, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-7400
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-7400
CVE Details	https://www.cvedetails.com/cve/CVE-2026-7400/

التالي ▸نظرة عامة ◂ السابق

Interested in the pricing of exploits?

See the underground prices here!