{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/filesystem-mcp-server/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7400"}],"_cs_exploited":false,"_cs_products":["filesystem-mcp-server"],"_cs_severities":["high"],"_cs_tags":["path-traversal","web-application","cve-2026-7400"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical path traversal vulnerability, identified as CVE-2026-7400, affects geekgod382 filesystem-mcp-server version 1.0.0. This vulnerability resides within the \u003ccode\u003eis_path_allowed\u003c/code\u003e function in the \u003ccode\u003eserver.py\u003c/code\u003e file, specifically in the \u003ccode\u003eread_file_tool/write_file_tool\u003c/code\u003e component. A remote attacker can exploit this weakness to bypass intended access restrictions and potentially read or write sensitive files outside the designated directories. Publicly available exploit code exists, increasing the urgency for remediation. Upgrade to version 1.1.0 to apply the patch (45364545fc60dc80aadcd4379f08042d3d3d292e) and mitigate this risk. This vulnerability allows attackers to potentially gain unauthorized access to the underlying system.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable instance of \u003ccode\u003efilesystem-mcp-server\u003c/code\u003e version 1.0.0 exposed to the network.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request targeting the \u003ccode\u003eread_file_tool\u003c/code\u003e or \u003ccode\u003ewrite_file_tool\u003c/code\u003e component.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes a path traversal sequence (e.g., \u003ccode\u003e../\u003c/code\u003e) within the file path parameter.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eis_path_allowed\u003c/code\u003e function fails to properly sanitize the input path, allowing the traversal sequence to bypass intended restrictions.\u003c/li\u003e\n\u003cli\u003eThe application processes the request, accessing a file outside the intended directory.\u003c/li\u003e\n\u003cli\u003eIf using \u003ccode\u003eread_file_tool\u003c/code\u003e, the contents of the unauthorized file are returned to the attacker.\u003c/li\u003e\n\u003cli\u003eIf using \u003ccode\u003ewrite_file_tool\u003c/code\u003e, the attacker can overwrite legitimate files, potentially injecting malicious code.\u003c/li\u003e\n\u003cli\u003eSuccessful exploitation allows the attacker to read sensitive information or achieve arbitrary code execution on the server.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this path traversal vulnerability (CVE-2026-7400) can allow an attacker to read arbitrary files from the affected server, potentially exposing sensitive data such as configuration files, credentials, or internal documents. If the write_file_tool is exploited, the attacker might overwrite critical system files, leading to denial of service or arbitrary code execution. This issue affects systems running geekgod382 filesystem-mcp-server version 1.0.0.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to geekgod382 filesystem-mcp-server version 1.1.0 to apply the patch (45364545fc60dc80aadcd4379f08042d3d3d292e) that fixes CVE-2026-7400.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;filesystem-mcp-server Path Traversal Attempt\u0026rdquo; to detect potential exploitation attempts against the filesystem-mcp-server.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests containing path traversal sequences (\u003ccode\u003e../\u003c/code\u003e, \u003ccode\u003e..\\\\\u003c/code\u003e) targeting file access endpoints, as this may indicate exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization measures to prevent path traversal attacks, even after upgrading, as defense-in-depth.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"/briefs/2024-01-filesystem-mcp-server-path-traversal/","summary":"A path traversal vulnerability exists in geekgod382 filesystem-mcp-server version 1.0.0 allowing remote attackers to access unauthorized files due to insufficient path validation in the is_path_allowed function.","title":"geekgod382 filesystem-mcp-server Path Traversal Vulnerability (CVE-2026-7400)","url":"https://feed.craftedsignal.io/briefs/2024-01-filesystem-mcp-server-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — Filesystem-Mcp-Server","version":"https://jsonfeed.org/version/1.1"}