Godot Mcp
Monthly
Path traversal in tugcantopaloglu godot-mcp 2.0.0 allows a local low-privileged user to escape the intended project directory by manipulating the projectPath argument passed to the validatePath function within the run_project component. A public proof-of-concept has been disclosed via GitHub issue #9, raising practical exploitability above the raw CVSS score of 4.8 would suggest. No active exploitation is confirmed by CISA KEV; a vendor-released patch is available in version 3.0.0.
Remote code execution in Godot MCP prior to version 0.1.1 results from unsafe shell command execution when processing user-supplied project paths. An unauthenticated attacker can inject shell metacharacters through multiple tools (create_scene, add_node, load_sprite, etc.) to execute arbitrary commands with the privileges of the MCP server process. No patch is currently available for affected deployments.
Path traversal in tugcantopaloglu godot-mcp 2.0.0 allows a local low-privileged user to escape the intended project directory by manipulating the projectPath argument passed to the validatePath function within the run_project component. A public proof-of-concept has been disclosed via GitHub issue #9, raising practical exploitability above the raw CVSS score of 4.8 would suggest. No active exploitation is confirmed by CISA KEV; a vendor-released patch is available in version 3.0.0.
Remote code execution in Godot MCP prior to version 0.1.1 results from unsafe shell command execution when processing user-supplied project paths. An unauthenticated attacker can inject shell metacharacters through multiple tools (create_scene, add_node, load_sprite, etc.) to execute arbitrary commands with the privileges of the MCP server process. No patch is currently available for affected deployments.