CVE-2026-7715

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ravenwits mcp-server-arangodb versions prior to 0.4.8

Description A path traversal issue exists in the MCP Interface component within the arango backup() function of the src/tools.ts file. A remote attacker can manipulate the outputDir argument to access or traverse directories outside the intended path.

Recommendations Update to a version later than 0.4.7. As a temporary workaround, restrict or validate the input provided to the outputDir argument in the arango backup() function.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2026-7715

Affected Products

Mcp-Server-Arangodb

CVE-2026-7715

Weakness Enumeration

Related Identifiers

Affected Products

References · 8