CVE-2026-33989 in mobile-next mobile-mcp정보

요약 (영어)

Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The `saveTo` and `output` parameters were passed directly to filesystem operations without validation, allowing an attacker to write files outside the intended workspace. Version 0.0.49 fixes the issue.

책임이 있는

GitHub_M

예약하다

2026. 03. 24.

공개

2026. 03. 28.

엔트리

VulDB provides additional information and datapoints for this CVE:

아이디	취약성	CWE	악용	대책	CVE
354065	mobile-next mobile-mcp Fileystem Operation mobile_start_screen_recording 디렉토리 순회	22	정의되지 않음	공식 수정	CVE-2026-33989

설명

CPE

CWE

CVSS

익스플로잇

역사

차이

연결하다

위협 인텔리전스

API JSON

API XML

API CSV

◂ 이전개요다음 ▸

Do you need the next level of professionalism?

Upgrade your account now!