Skip to main content

Kicad Mcp

1 CVEs product

Monthly

CVE-2026-15528 LOW POC Monitor

Path validation bypass in kicad-mcp up to 3.3.1 enables local low-privileged users to read files outside intended directory scope by manipulating the `project_path` or `schematic_path` arguments processed by `kicad_mcp/utils/path_validator.py`. The protection mechanism in this MCP (Model Context Protocol) server for KiCad PCB design software fails to adequately sanitize or normalize supplied paths, resulting in limited confidentiality impact with no integrity or availability consequences. No public patch is available as of this analysis; a proof-of-concept exploit exists publicly via GitHub issue #57, though the project maintainer has not yet responded to the disclosure.

Information Disclosure Kicad Mcp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
EPSS 0% CVSS 1.9
LOW POC Monitor

Path validation bypass in kicad-mcp up to 3.3.1 enables local low-privileged users to read files outside intended directory scope by manipulating the `project_path` or `schematic_path` arguments processed by `kicad_mcp/utils/path_validator.py`. The protection mechanism in this MCP (Model Context Protocol) server for KiCad PCB design software fails to adequately sanitize or normalize supplied paths, resulting in limited confidentiality impact with no integrity or availability consequences. No public patch is available as of this analysis; a proof-of-concept exploit exists publicly via GitHub issue #57, though the project maintainer has not yet responded to the disclosure.

Information Disclosure Kicad Mcp
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy