Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability was found in ggerve coding-standards-mcp. This issue affects the function get_style_guide/get_best_practices of the file server.py. The manipulation of the argument Language results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Path traversal in ggerve coding-standards-mcp server.py allows remote unauthenticated attackers to access arbitrary files by manipulating the Language parameter in the get_style_guide and get_best_practices functions. The vulnerability has publicly available exploit code and affects the product's rolling-release model where specific vulnerable versions are not formally documented. The project maintainer has not yet responded to the early vulnerability disclosure.
Technical ContextAI
The vulnerability exists in the Python-based coding-standards-mcp server (a Model Context Protocol implementation for coding standards) in the server.py file. The get_style_guide and get_best_practices functions accept a Language parameter that is used to construct file paths without proper sanitization or validation. This allows attackers to inject path traversal sequences (e.g., ../) into the Language argument, enabling directory traversal attacks. The root cause is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). This is a classic server-side path manipulation vulnerability where user-supplied input is directly used in file system operations without canonicalization or whitelist validation.
RemediationAI
Update to the latest version of coding-standards-mcp from the GitHub repository (https://github.com/ggerve/coding-standards-mcp/) once the maintainer releases a fix. At time of analysis, no patched version has been released; users should monitor the repository for fixes following the vulnerability disclosure at https://github.com/ggerve/coding-standards-mcp/issues/3. Immediate compensating controls include: (1) Restrict network access to the coding-standards-mcp server to internal-only networks or VPN-protected access, blocking direct internet exposure; (2) Implement input validation in server.py to sanitize the Language parameter by rejecting any input containing ../ or absolute path sequences, allowing only alphanumeric language identifiers; (3) Deploy a reverse proxy (nginx/Apache) in front of the server with WAF rules to block path traversal payloads in the Language parameter; (4) Ensure the process running the server operates with minimal file system permissions, restricted to only necessary style guide and best practices directories. These controls reduce exposure while awaiting a vendor patch.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26704