Skip to main content

CVE-2026-7400

| EUVD-2026-26281 MEDIUM
Path Traversal (CWE-22)
2026-04-29 VulDB
Path Traversal
5.5
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

6
PoC Detected
Apr 29, 2026 - 21:16 vuln.today
Public exploit code
Severity Changed
Apr 29, 2026 - 20:22 NVD
HIGH MEDIUM
CVSS changed
Apr 29, 2026 - 20:22 NVD
7.3 (HIGH) 5.5 (MEDIUM)
EUVD ID Assigned
Apr 29, 2026 - 19:30 euvd
EUVD-2026-26281
Patch released
Apr 29, 2026 - 19:30 nvd
Patch available
CVE Published
Apr 29, 2026 - 19:00 nvd
MEDIUM 5.5

DescriptionNVD

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is_path_allowed of the file server.py of the component read_file_tool/write_file_tool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.1.0 is capable of addressing this issue. The name of the patch is 45364545fc60dc80aadcd4379f08042d3d3d292e. Upgrading the affected component is advised.

Analysis

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is_path_allowed of the file server.py of the component read_file_tool/write_file_tool. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-7400 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy