{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/scaffold-mcp/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7237"}],"_cs_exploited":false,"_cs_products":["scaffold-mcp"],"_cs_severities":["high"],"_cs_tags":["path-traversal","cve","web-application"],"_cs_type":"advisory","_cs_vendors":["AgiFlow"],"content_html":"\u003cp\u003eAgiFlow scaffold-mcp, a software component with unknown functionality, is vulnerable to a path traversal attack. This vulnerability, identified as CVE-2026-7237, affects versions up to 1.0.27. The vulnerability resides in the \u003ccode\u003epackages/scaffold-mcp/src/server/index.ts\u003c/code\u003e file, specifically within the \u0026ldquo;write-to-file\u0026rdquo; tool. An attacker can remotely exploit this flaw by manipulating the \u003ccode\u003efile_path\u003c/code\u003e argument, enabling them to write to arbitrary locations on the server. A patch has been released in version 1.1.0 with commit hash \u003ccode\u003ec4d23592ae5fb59cfeefc4641e6826f8ac89b9c6\u003c/code\u003e to address this vulnerability. \nThe exploit is publicly available.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an AgiFlow scaffold-mcp instance running a vulnerable version (\u0026lt;= 1.0.27).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request targeting the \u0026ldquo;write-to-file\u0026rdquo; tool.\u003c/li\u003e\n\u003cli\u003eThe request includes a manipulated \u003ccode\u003efile_path\u003c/code\u003e argument containing path traversal sequences (e.g., \u0026ldquo;../\u0026rdquo;, \u0026ldquo;..\\\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eThe server-side application processes the request without proper sanitization or validation of the \u003ccode\u003efile_path\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe application attempts to write data to the attacker-controlled file path.\u003c/li\u003e\n\u003cli\u003eDue to the path traversal sequences, the data is written to an arbitrary location on the server\u0026rsquo;s file system.\u003c/li\u003e\n\u003cli\u003eThe attacker may overwrite critical system files, inject malicious code, or exfiltrate sensitive data, depending on the write permissions and targeted file location.\u003c/li\u003e\n\u003cli\u003eSuccessful exploitation leads to arbitrary code execution, data compromise, or denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7237 allows attackers to write arbitrary files to the affected system, potentially leading to code execution, data exfiltration, or denial of service. The number of affected installations is currently unknown. \nDue to the public availability of the exploit, organizations using AgiFlow scaffold-mcp are at immediate risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade AgiFlow scaffold-mcp to version 1.1.0 or later to remediate CVE-2026-7237, applying the patch identified by commit hash \u003ccode\u003ec4d23592ae5fb59cfeefc4641e6826f8ac89b9c6\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization on the \u003ccode\u003efile_path\u003c/code\u003e argument within the \u0026ldquo;write-to-file\u0026rdquo; tool to prevent path traversal attacks.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect AgiFlow Scaffold-mcp Path Traversal Attempt\u0026rdquo; to identify exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests containing path traversal sequences in the URI.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-28T08:16:02Z","date_published":"2026-04-28T08:16:02Z","id":"/briefs/2024-01-agiflow-path-traversal/","summary":"A path traversal vulnerability (CVE-2026-7237) exists in AgiFlow scaffold-mcp versions up to 1.0.27, allowing remote attackers to write to arbitrary files by manipulating the file_path argument in the write-to-file tool.","title":"AgiFlow scaffold-mcp Path Traversal Vulnerability (CVE-2026-7237)","url":"https://feed.craftedsignal.io/briefs/2024-01-agiflow-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — Scaffold-Mcp","version":"https://jsonfeed.org/version/1.1"}