Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
8DescriptionCVE.org
A flaw has been found in WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The affected element is the function generate_matlab_code/execute_matlab_code of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument scriptPath can lead to path traversal. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Path traversal in WilliamCloudQi matlab-mcp-server allows remote unauthenticated attackers to manipulate the scriptPath argument in the generate_matlab_code and execute_matlab_code functions, enabling unauthorized file system access with confidentiality and integrity impact. The vulnerability affects versions up to commit ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca, has publicly available exploit code, and the vendor has not yet responded to early disclosure notification.
Technical ContextAI
The matlab-mcp-server is a Model Context Protocol (MCP) interface implemented in TypeScript (src/index.ts) that processes MATLAB script execution requests. The vulnerability exists in the path handling logic of the generate_matlab_code and execute_matlab_code functions, which fail to properly validate or sanitize the scriptPath parameter before using it in file system operations. This is a classic CWE-22 path traversal flaw where an attacker can use directory traversal sequences (e.g., '../', absolute paths, or symbolic links) to access files outside the intended script directory. The MCP interface accepts remote requests over the network without authentication, exposing this functionality directly to unauthenticated network access.
RemediationAI
Upgrade to a patched version once released by the WilliamCloudQi project; however, no vendor-released patch is currently available as the maintainer has not yet responded to disclosure. As an immediate mitigation, restrict network access to the matlab-mcp-server MCP interface using network-level controls such as firewall rules or VPC security groups to permit requests only from trusted MCP clients. Disable the generate_matlab_code and execute_matlab_code functions if they are not essential to your deployment, and implement input validation in the MCP layer to reject scriptPath arguments containing '..' sequences, absolute paths, or other traversal indicators. Additionally, run the matlab-mcp-server process with minimal file system permissions (e.g., chroot jail, containerization with read-only root filesystem, or process-level access controls) to limit the damage if path traversal exploitation occurs. Monitor the GitHub repository (https://github.com/WilliamCloudQi/matlab-mcp-server) and VulDB for patch updates. If the vendor remains unresponsive, consider forking the repository and applying a fix locally by sanitizing the scriptPath parameter with a whitelist of allowed directories or using safe path resolution APIs that prevent traversal.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26050