PT-2026-35725 · Unknown · Matlab-Mcp-Server

Brucejin · Published 2026-04-28 · Updated 2026-04-28 · CVE-2026-7272

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: matlab-mcp-server versions prior to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca

Description: A path traversal flaw exists in the MCP Interface component, specifically within the execute matlab code() function of the generate matlab code process located in the src/index.ts file. A remote attacker can exploit this by manipulating the scriptPath argument, allowing unauthorized access to files or directories outside the intended folder.

Recommendations: Update to a version later than ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. As a temporary workaround, restrict or validate the input provided to the scriptPath argument in the execute matlab code() function to prevent path traversal.
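
One way to implement the scriptPath validation recommended above, as an added example that is not the project's code or its fix. The names `resolveScriptPath` and `demo`, the single allowed base directory, and the sample inputs are assumptions constructed for illustration.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Hypothetical helper (not from matlab-mcp-server): confine a caller-supplied
// scriptPath to one base directory and return its canonical absolute path.
function resolveScriptPath(baseDir: string, scriptPath: string): string {
  if (typeof scriptPath !== "string" || scriptPath === "" || scriptPath.includes("\0")) {
    throw new Error("scriptPath must be a non-empty string without NUL bytes");
  }
  const base = fs.realpathSync(baseDir);            // canonical base, symlinks resolved
  const candidate = path.resolve(base, scriptPath); // collapses "." and ".." segments

  // Canonicalise the deepest existing ancestor so a symlink inside the base
  // cannot lead outside it, even when the script file does not exist yet.
  // A dangling symlink makes realpathSync throw, so the call fails closed.
  const present = (p: string): boolean => {
    try { fs.lstatSync(p); return true; } catch { return false; }
  };
  let existing = candidate;
  const tail: string[] = [];
  while (!present(existing)) {
    tail.unshift(path.basename(existing));
    existing = path.dirname(existing);
  }
  const real = path.join(fs.realpathSync(existing), ...tail);

  const rel = path.relative(base, real);
  if (rel === "" || rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new Error("scriptPath resolves outside the allowed directory");
  }
  return real;
}

// Constructed sample inputs checked against a throwaway directory tree.
function demo(): Record<string, boolean> {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "mcp-scripts-"));
  const base = path.join(root, "scripts");
  fs.mkdirSync(base);
  fs.symlinkSync(root, path.join(base, "link")); // symlink pointing out of base
  const accepted: Record<string, boolean> = {};
  for (const p of ["run.m", "sub/../run.m", "../secret.m", "/etc/passwd", "link/secret.m"]) {
    try { resolveScriptPath(base, p); accepted[p] = true; } catch { accepted[p] = false; }
  }
  fs.rmSync(root, { recursive: true, force: true });
  return accepted;
}
```

The check compares canonical paths rather than searching the input for `..`, which is why the absolute path and the symlinked path are rejected as well.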

Exploit

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2026-7272

Affected Products

Matlab-Mcp-Server