Skip to content
Threat Feed
high advisory

CVE-2026-61462 - mcp-gitlab Path Traversal Vulnerability Leading to Unauthorized API Access

A path traversal vulnerability, CVE-2026-61462, in the job_id parameter of build/index.js within mcp-gitlab allows attackers to redirect GitLab API requests to arbitrary endpoints by escaping the intended path prefix, leveraging the operator's personal access token for unauthorized access.

CVE-2026-61462 details a significant path traversal vulnerability present in mcp-gitlab, specifically within the job_id parameter of the build/index.js component. This flaw enables an attacker to manipulate file paths, effectively allowing them to redirect internal GitLab API requests to arbitrary endpoints. By crafting malicious job_id values, such as ../../../user, attackers can bypass security controls that restrict access to specific directories. This exploitation grants them unauthorized access to sensitive GitLab API resources, crucially leveraging the operator's personal access token. The successful exploitation of this vulnerability could lead to comprehensive compromise of GitLab data and functions associated with the operator's privileges, making it critical for organizations using mcp-gitlab to address. This vulnerability poses a direct threat to data confidentiality and integrity within affected environments.

Attack Chain

  1. An attacker crafts a malicious HTTP GET or POST request targeting the build/index.js endpoint of a vulnerable mcp-gitlab instance.
  2. The crafted request includes a job_id parameter containing path traversal sequences, such as ../../../ followed by a target API endpoint (e.g., ../../../user).
  3. The mcp-gitlab application processes the job_id parameter without proper sanitization or validation of the input path.
  4. Due to the path traversal vulnerability, the application's internal request handling redirects or attempts to access a GitLab API resource outside of the intended directory.
  5. The redirected internal API request is executed with the privileges of the mcp-gitlab operator, specifically using their personal access token.
  6. The attacker gains unauthorized access to the GitLab API resource specified in their crafted job_id, bypassing access controls.
  7. This unauthorized access allows the attacker to view, modify, or exfiltrate sensitive data and potentially control aspects of the GitLab environment.

Impact

Successful exploitation of CVE-2026-61462 grants attackers unauthorized access to arbitrary GitLab API resources by leveraging the operator's personal access token. This could lead to severe consequences, including the exfiltration of sensitive source code, intellectual property, or user data. Attackers could also manipulate repositories, pipelines, or user accounts, causing significant disruption to development workflows and potentially enabling further lateral movement within an organization's infrastructure. The vulnerability's high CVSS v3.1 Base Score of 8.6 indicates a critical risk, suggesting that exploitation could result in significant data compromise or system integrity loss.

Recommendation

  • Patch CVE-2026-61462 on all mcp-gitlab instances immediately to prevent exploitation.
  • Deploy the Sigma rule below to your SIEM to detect attempts to exploit this vulnerability.
  • Enable comprehensive webserver logging to capture full HTTP request details, including URI stems and query parameters, to ensure the rule can be effectively activated.

Detection coverage 1

Detects CVE-2026-61462 Exploitation - Path Traversal in mcp-gitlab build/index.js

high

Detects exploitation attempts for CVE-2026-61462, a path traversal vulnerability in mcp-gitlab's build/index.js endpoint, by looking for path traversal sequences in the 'job_id' parameter.

sigma tactics: credential_access, initial_access techniques: T1078, T1190 sources: webserver

Detection queries are available on the platform. Get full rules →