PT-2026-35682 · Agiflow · Scaffold-Mcp
Brucejin · Published 2026-04-28 · Updated 2026-04-28 · CVE-2026-7237
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
AgiFlow scaffold-mcp versions prior to 1.1.0
Description
A path traversal issue exists in the write-to-file Tool within the packages/scaffold-mcp/src/server/index.ts file. A remote attacker can exploit this by manipulating the file path argument, allowing unauthorized access to or modification of files outside the intended directory.
Recommendations
Upgrade to version 1.1.0.
Exploit
Fix
Path traversal
Affected Products
Scaffold-Mcp