Severity by source

Primary rating from NVD (the only source for this CVE).

CVSS vector (NVD): CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (source: CVE.org)
A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component read_file/write_file. Executing a manipulation of the argument filePath/outputPath can lead to path traversal. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Analysis (AI-generated)
Path traversal in ishayoyo excel-mcp (all versions through 1.0.2) allows remote low-privileged attackers to read or write arbitrary files on the host system by manipulating the filePath or outputPath arguments passed to the read_file and write_file MCP tool handlers in src/index.ts. The CVSS 4.0 score is 2.1 (Low), but a publicly available proof-of-concept exploit exists via a GitHub issue disclosure, and no vendor patch has been released; the maintainer has not responded to the responsible disclosure report. …
Vulnerability Assessment (AI-generated)

| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires the attacker to hold at least low-level authenticated access to the excel-mcp MCP server, confirmed by CVSS PR:L; unauthenticated remote exploitation is not possible based on the provided vector. … |
| Risk Assessment | The CVSS 4.0 score of 2.1 (Low) reflects a constrained impact envelope: the attack requires low-level authentication (PR:L), all impact dimensions are rated Low (VC:L/VI:L/VA:L), and there is no subsequent system scope (SC:N/SI:N/SA:N). … |
| Exploit Scenario | A low-privileged authenticated caller of an excel-mcp MCP deployment invokes the read_file tool with a filePath argument containing traversal sequences such as '../../etc/passwd', causing the server to resolve and return the contents of files outside the intended working directory. Because a public proof-of-concept is documented in GitHub issue #6 (https://github.com/ishayoyo/excel-mcp/issues/6), the technique is readily reproducible with minimal modification. … |
| Remediation | No vendor-released patch has been identified at time of analysis; the project maintainer has not responded to the responsible disclosure. … |
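The compensating control a defender would apply while no upstream fix exists is a containment check on every caller-supplied path before it reaches the filesystem. The following TypeScript is an added illustration, not code from the excel-mcp project or the advisory: the workspace directory, the `resolveUnchecked`/`resolveWithinBase`/`rejectedArguments` names and the unchecked pattern are all assumptions made for the example.

```typescript
import * as path from "node:path";

// Directory the MCP server is meant to confine read_file/write_file to.
// Constructed value for this example; the real excel-mcp layout is not shown.
export const WORKSPACE_DIR = "/srv/excel-workspace";

// POSIX semantics are used so results are deterministic on any host; a real
// server would use `path` directly.
const p = path.posix;

// Vulnerable pattern (hypothetical reconstruction, not the project's code):
// the caller-controlled argument is resolved against the base and used as-is,
// so "../../etc/passwd" climbs out of the workspace.
export function resolveUnchecked(base: string, userPath: string): string {
  return p.resolve(base, userPath);
}

// Hardened version: resolve, then require the result to stay inside `base`.
// Returns null on escape; callers must treat null as a rejected request.
export function resolveWithinBase(base: string, userPath: string): string | null {
  const root = p.resolve(base);
  const target = p.resolve(root, userPath);
  // A plain prefix test is wrong ("/srv/excel-workspace2" starts with
  // "/srv/excel-workspace"), so compare via the relative path instead.
  const rel = p.relative(root, target);
  if (rel === "..") return null;
  if (rel.startsWith(".." + p.sep)) return null;
  if (p.isAbsolute(rel)) return null;
  return target;
}

// Screens one tool call's arguments and reports which ones would escape.
// Caveat: a symlink inside the workspace can still point outside it; guard
// that separately with fs.realpath before opening the file.
export function rejectedArguments(
  args: { filePath?: string; outputPath?: string },
  base: string = WORKSPACE_DIR,
): string[] {
  const bad: string[] = [];
  for (const key of ["filePath", "outputPath"] as const) {
    const value = args[key];
    if (value !== undefined && resolveWithinBase(base, value) === null) bad.push(key);
  }
  return bad;
}
```

Wiring `rejectedArguments` in front of both tool handlers turns the traversal request into a logged rejection instead of a file read or write.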
Related identifiers: EUVD-2026-33725, GHSA-vgmg-2m2p-qqqj