Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
8DescriptionCVE.org
A vulnerability was detected in ef10007 MLOps_MCP 1.0.0. This impacts an unknown function of the file fastmcp_server.py of the component save_file Tool. The manipulation of the argument filename/destination results in path traversal. The attack may be performed from remote. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Path traversal in ef10007 MLOps_MCP 1.0.0 allows remote unauthenticated attackers to write files to arbitrary filesystem locations via manipulation of the filename/destination argument in the save_file tool of fastmcp_server.py. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification, leaving affected deployments without an official patch.
Technical ContextAI
The vulnerability exists in the save_file tool within fastmcp_server.py, a component of the MLOps_MCP framework (an MCP - Model Context Protocol - server implementation for ML operations). The root cause is improper input validation of file path arguments (CWE-22: Improper Limitation of a Pathname to a Restricted Directory), allowing attackers to use path traversal sequences (such as '../' or absolute paths) to escape the intended save directory and write files anywhere the server process has permissions. This is a classic path traversal flaw affecting file manipulation endpoints that fail to canonicalize and validate user-supplied paths before filesystem operations.
RemediationAI
No vendor-released patch identified at time of analysis. The vendor has not responded to the early disclosure notification filed via GitHub issue. Immediate remediation options: (1) Restrict network access to MLOps_MCP deployments using firewall rules or VPC isolation, permitting only trusted internal hosts to reach the fastmcp_server endpoint (trade-off: reduces operational flexibility for remote ML workflows). (2) Implement input validation at the application layer or via reverse proxy (e.g., nginx/Apache) to reject requests with path traversal patterns ('../', '..\', absolute paths starting with '/', URL-encoded variants) before they reach the save_file tool (trade-off: must maintain blocklist of patterns; bypasses possible but detectable). (3) Run MLOps_MCP under a restricted system user with minimal filesystem permissions, limiting file writes to a dedicated non-critical directory tree (trade-off: may break intended functionality if legitimate workflows require broader write access). (4) Monitor filesystem write operations from the MLOps_MCP process using OS-level controls (auditd on Linux, File Integrity Monitoring) to detect and alert on suspicious writes outside the intended directory. Continue monitoring the GitHub repository and VulDB for vendor patches; if and when a fix is released, upgrade immediately.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25966