Skip to main content

matlab-mcp-server EUVDEUVD-2026-26050

| CVE-2026-7272 MEDIUM
Path Traversal (CWE-22)
2026-04-28 VulDB
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

8
CVSS changed
Apr 29, 2026 - 01:12 NVD
6.9 (MEDIUM) 5.5 (MEDIUM)
PoC Detected
Apr 29, 2026 - 01:00 vuln.today
Public exploit code
Analysis Generated
Apr 28, 2026 - 14:30 vuln.today
Severity Changed
Apr 28, 2026 - 14:22 NVD
HIGH MEDIUM
CVSS changed
Apr 28, 2026 - 14:22 NVD
7.3 (HIGH) 6.9 (MEDIUM)
EUVD ID Assigned
Apr 28, 2026 - 14:00 euvd
EUVD-2026-26050
Analysis Generated
Apr 28, 2026 - 14:00 vuln.today
CVE Published
Apr 28, 2026 - 13:00 nvd
MEDIUM 5.5

DescriptionCVE.org

A flaw has been found in WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The affected element is the function generate_matlab_code/execute_matlab_code of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument scriptPath can lead to path traversal. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Path traversal in WilliamCloudQi matlab-mcp-server allows remote unauthenticated attackers to manipulate the scriptPath argument in the generate_matlab_code and execute_matlab_code functions, enabling unauthorized file system access with confidentiality and integrity impact. The vulnerability affects versions up to commit ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca, has publicly available exploit code, and the vendor has not yet responded to early disclosure notification.

Technical ContextAI

The matlab-mcp-server is a Model Context Protocol (MCP) interface implemented in TypeScript (src/index.ts) that processes MATLAB script execution requests. The vulnerability exists in the path handling logic of the generate_matlab_code and execute_matlab_code functions, which fail to properly validate or sanitize the scriptPath parameter before using it in file system operations. This is a classic CWE-22 path traversal flaw where an attacker can use directory traversal sequences (e.g., '../', absolute paths, or symbolic links) to access files outside the intended script directory. The MCP interface accepts remote requests over the network without authentication, exposing this functionality directly to unauthenticated network access.

RemediationAI

Upgrade to a patched version once released by the WilliamCloudQi project; however, no vendor-released patch is currently available as the maintainer has not yet responded to disclosure. As an immediate mitigation, restrict network access to the matlab-mcp-server MCP interface using network-level controls such as firewall rules or VPC security groups to permit requests only from trusted MCP clients. Disable the generate_matlab_code and execute_matlab_code functions if they are not essential to your deployment, and implement input validation in the MCP layer to reject scriptPath arguments containing '..' sequences, absolute paths, or other traversal indicators. Additionally, run the matlab-mcp-server process with minimal file system permissions (e.g., chroot jail, containerization with read-only root filesystem, or process-level access controls) to limit the damage if path traversal exploitation occurs. Monitor the GitHub repository (https://github.com/WilliamCloudQi/matlab-mcp-server) and VulDB for patch updates. If the vendor remains unresponsive, consider forking the repository and applying a fix locally by sanitizing the scriptPath parameter with a whitelist of allowed directories or using safe path resolution APIs that prevent traversal.

Share

EUVD-2026-26050 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy