Cline Mcp Memory Bank
Monthly
Path traversal in dazeb cline-mcp-memory-bank exposes host filesystems to authenticated remote attackers via unsanitized user input in the `handleInitializeMemoryBank` function of `src/index.ts`. All versions up to and including commit 55c81b9cf6c16700983c84dc4cdea3cafa19a75f are affected, covering the entire release history of this rolling-release MCP memory tool. A public proof-of-concept exploit exists via the project's GitHub issue tracker, though EPSS scoring (0.04%, 13th percentile) and SSVC's non-automatable classification suggest limited mass exploitation risk at time of analysis.
Path traversal in dazeb cline-mcp-memory-bank exposes host filesystems to authenticated remote attackers via unsanitized user input in the `handleInitializeMemoryBank` function of `src/index.ts`. All versions up to and including commit 55c81b9cf6c16700983c84dc4cdea3cafa19a75f are affected, covering the entire release history of this rolling-release MCP memory tool. A public proof-of-concept exploit exists via the project's GitHub issue tracker, though EPSS scoring (0.04%, 13th percentile) and SSVC's non-automatable classification suggest limited mass exploitation risk at time of analysis.