CVE-2026-7213

Name of the Vulnerable Software and Affected Versions ef10007 MLOps MCP version 1.0.0

Description A path traversal issue exists in the save file Tool within the fastmcp server.py file. A remote attacker can manipulate the filename/destination argument to access or overwrite files outside the intended directory. Path traversal is a vulnerability that allows an attacker to read or write files on the server by using special character sequences, such as "../", to navigate the file system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the save file Tool or avoid using the filename/destination argument until a patch is available.