Skip to main content

Chrome Devtools Mcp

1 CVEs product

Monthly

CVE-2026-53766 MEDIUM PATCH This Month

Symlink-based workspace boundary bypass in chrome-devtools-mcp (versions 0.24.0 through before 1.1.0) allows a local low-privileged actor - including an AI coding agent itself - to read or overwrite files outside the configured workspace root. The McpContext.validatePath() function performs only a lexical prefix check on the resolved path and never canonicalizes symbolic links, so an in-root symlink whose target lies outside the root passes validation and causes downstream file operations to act on the real out-of-workspace target. No public exploit has been identified and the CVE is not listed in CISA KEV; a vendor-released patch is available in version 1.1.0.

Path Traversal Google Chrome Devtools Mcp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Symlink-based workspace boundary bypass in chrome-devtools-mcp (versions 0.24.0 through before 1.1.0) allows a local low-privileged actor - including an AI coding agent itself - to read or overwrite files outside the configured workspace root. The McpContext.validatePath() function performs only a lexical prefix check on the resolved path and never canonicalizes symbolic links, so an in-root symlink whose target lies outside the root passes validation and causes downstream file operations to act on the real out-of-workspace target. No public exploit has been identified and the CVE is not listed in CISA KEV; a vendor-released patch is available in version 1.1.0.

Path Traversal Google Chrome Devtools Mcp
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy