Skip to content
Threat Feed

Product

Scaffold-Mcp

1 brief RSS
high advisory

AgiFlow scaffold-mcp Path Traversal Vulnerability (CVE-2026-7237)

A path traversal vulnerability (CVE-2026-7237) exists in AgiFlow scaffold-mcp versions up to 1.0.27, allowing remote attackers to write to arbitrary files by manipulating the file_path argument in the write-to-file tool.

scaffold-mcp path-traversal cve web-application
2r 1t 1c