CVE-2026-7319

Name of the Vulnerable Software and Affected Versions elinsky execution-system-mcp version 0.1.0

Description A path traversal flaw exists in the add action Tool within the get context file path() function of the src/execution system mcp/server.py file. A remote attacker can initiate this attack by manipulating the context argument, allowing unauthorized access to files or directories outside the intended folder.

Recommendations As a temporary workaround, restrict the use of the context argument in the add action Tool or disable the get context file path() function until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.