{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/kaggle-mcp/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7149"}],"_cs_exploited":false,"_cs_products":["kaggle-mcp"],"_cs_severities":["high"],"_cs_tags":["path-traversal","web-application","cve"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA path traversal vulnerability has been identified in the kaggle-mcp project, specifically affecting versions up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. The vulnerability resides within the \u003ccode\u003eprepare_kaggle_dataset\u003c/code\u003e function located in the \u003ccode\u003esrc/kaggle_mcp/server.py\u003c/code\u003e file.  Successful exploitation allows a remote attacker to read sensitive files from the server. The vulnerability stems from insufficient sanitization of the \u003ccode\u003ecompetition_id\u003c/code\u003e argument. The exploit is publicly known, increasing the risk of widespread exploitation. The project uses a rolling release model, making it difficult to pinpoint specific affected versions. The maintainers have been notified but have not yet addressed the issue.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable kaggle-mcp instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the endpoint that utilizes the \u003ccode\u003eprepare_kaggle_dataset\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe attacker injects a path traversal sequence (e.g., \u003ccode\u003e../\u003c/code\u003e) into the \u003ccode\u003ecompetition_id\u003c/code\u003e parameter of the HTTP request.\u003c/li\u003e\n\u003cli\u003eThe application fails to properly sanitize the \u003ccode\u003ecompetition_id\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eprepare_kaggle_dataset\u003c/code\u003e function uses the unsanitized \u003ccode\u003ecompetition_id\u003c/code\u003e to construct a file path.\u003c/li\u003e\n\u003cli\u003eThe application accesses a file outside of the intended directory due to the path traversal.\u003c/li\u003e\n\u003cli\u003eThe attacker receives the contents of the accessed file in the HTTP response.\u003c/li\u003e\n\u003cli\u003eThe attacker repeats this process to enumerate and exfiltrate sensitive files, potentially gaining access to credentials, configuration files, or source code.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to read arbitrary files on the server hosting the kaggle-mcp application. This can lead to the disclosure of sensitive information, such as configuration files containing database credentials, API keys, or source code. This information can be further leveraged to compromise other systems or data. The number of potential victims is unknown, but depends on the adoption rate of the vulnerable kaggle-mcp application.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInspect web server logs for HTTP requests containing path traversal sequences (e.g., \u003ccode\u003e../\u003c/code\u003e, \u003ccode\u003e..%2f\u003c/code\u003e) in the \u003ccode\u003ecs-uri-query\u003c/code\u003e field targeting endpoints associated with the \u003ccode\u003eprepare_kaggle_dataset\u003c/code\u003e function using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on the \u003ccode\u003ecompetition_id\u003c/code\u003e parameter to prevent path traversal attacks.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for unusual file access patterns originating from the kaggle-mcp application based on the provided Sigma rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-09T10:00:00Z","date_published":"2024-01-09T10:00:00Z","id":"/briefs/2024-01-kaggle-mcp-path-traversal/","summary":"A path traversal vulnerability exists in the prepare_kaggle_dataset function of kaggle-mcp up to version 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d, allowing remote attackers to access arbitrary files by manipulating the competition_id argument.","title":"Kaggle-MCP Path Traversal Vulnerability in prepare_kaggle_dataset Function","url":"https://feed.craftedsignal.io/briefs/2024-01-kaggle-mcp-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — Kaggle-Mcp","version":"https://jsonfeed.org/version/1.1"}