Skip to main content

kicad-mcp CVE-2026-15528

| EUVDEUVD-2026-43273 LOW
Protection Mechanism Failure (CWE-693)
2026-07-13 VulDB GHSA-c7fc-wmwf-cvvh
1.9
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
1.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
3.3 LOW

Local-only vector with low-privilege requirement for path traversal yielding limited read access; no integrity, availability, or scope-change impact applies.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jul 13, 2026 - 04:28 vuln.today
Severity Changed
Jul 13, 2026 - 04:22 NVD
MEDIUM LOW
CVSS changed
Jul 13, 2026 - 04:22 NVD
4.8 (MEDIUM) 1.9 (LOW)

DescriptionCVE.org

A vulnerability was found in lamaalrajih kicad-mcp up to 3.3.1. This issue affects some unknown processing of the file kicad_mcp/utils/path_validator.py. Performing a manipulation of the argument project_path/schematic_path results in protection mechanism failure. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Path validation bypass in kicad-mcp up to 3.3.1 enables local low-privileged users to read files outside intended directory scope by manipulating the project_path or schematic_path arguments processed by kicad_mcp/utils/path_validator.py. The protection mechanism in this MCP (Model Context Protocol) server for KiCad PCB design software fails to adequately sanitize or normalize supplied paths, resulting in limited confidentiality impact with no integrity or availability consequences. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local low-privileged account access
Delivery
Invoke kicad-mcp with crafted project_path or schematic_path
Exploit
Bypass path_validator.py sanitization
Execution
Traverse filesystem outside project directory
Impact
Read sensitive files accessible to kicad-mcp process

Vulnerability AssessmentAI

Exploitation Exploitation requires local access to a machine running kicad-mcp (AV:L per CVSS 4.0) and at least low-privileged operating system credentials (PR:L) sufficient to invoke the kicad-mcp service and supply controlled values for the `project_path` or `schematic_path` arguments processed by `kicad_mcp/utils/path_validator.py`. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is low. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user with standard low-privileged credentials on a shared workstation running kicad-mcp crafts a `project_path` or `schematic_path` argument containing path traversal sequences (e.g., `../../etc/passwd`) and passes it to the kicad-mcp service, which fails to normalize or reject the input in `path_validator.py`. The service resolves the traversal and returns contents of a file outside the intended project directory, exposing sensitive data readable by the kicad-mcp process account. …
Remediation No vendor-released patch has been identified at time of analysis - the project maintainer was notified via the GitHub issue tracker but has not responded. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15528 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy