Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arango_backup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Path traversal in ravenwits mcp-server-arangodb up to version 0.4.7 allows authenticated remote attackers to manipulate the outputDir argument in the arango_backup function, enabling unauthorized file system access with limited confidentiality and integrity impact. The vulnerability affects the MCP Interface component and has publicly available exploit code; however, the low CVSS score (2.1) reflects constrained real-world risk due to the requirement for authenticated access and limited technical impact scope.
Technical ContextAI
The vulnerability exists in the arango_backup function within src/tools.ts of the MCP Interface component. The root cause is improper input validation on the outputDir parameter (CWE-22: Improper Limitation of a Pathname to a Restricted Directory), which fails to sanitize or canonicalize user-supplied path input before using it in file system operations. This allows an attacker to use path traversal sequences (e.g., ../, ..\ or symbolic links) to access files and directories outside the intended backup directory, potentially reading or writing sensitive files accessible to the application's process. The MCP (Model Context Protocol) framework typically runs with specific privilege boundaries, which limits the scope of accessible resources.
RemediationAI
Upgrade ravenwits mcp-server-arangodb to the first available patched version after 0.4.7; check the official GitHub repository at https://github.com/ravenwits/mcp-server-arangodb/ for the current stable release and security advisories. If a patch is not yet available despite public disclosure, implement strict input validation on the outputDir parameter by using allowlist-based path validation, restricting the backup directory to a hardcoded or administrator-approved base path and rejecting any input containing ../, ..\ or symbolic link traversal sequences. Additionally, run the mcp-server-arangodb process with minimal file system privileges (principle of least privilege) and confine its access to a dedicated, isolated directory tree, preventing exploitation from reaching sensitive system files even if path traversal succeeds. Monitor the project's GitHub issue #7 (https://github.com/ravenwits/mcp-server-arangodb/issues/7) for patch release announcements.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26866