CVE-2026-7400

Name of the Vulnerable Software and Affected Versions geekgod382 filesystem-mcp-server version 1.0.0

Description A path traversal issue exists in the is path allowed() function within the server.py file of the read file tool/write file tool component. This flaw allows a remote attacker to manipulate paths, potentially leading to data leaks and Server-Side Request Forgery (SSRF), which is a technique where an attacker forces a server to make requests to an unintended location.

Recommendations Update to version 1.1.0. As a temporary workaround, restrict access to the is path allowed() function to minimize the risk of exploitation.