PT-2026-36743 · Ravenwits · Mcp-Server-Arangodb
Brucejqs · Published 2026-05-04 · Updated 2026-05-04 · CVE-2026-7715
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
ravenwits mcp-server-arangodb versions prior to 0.4.8
Description
A path traversal issue exists in the MCP Interface component within the arango backup() function of the src/tools.ts file. A remote attacker can manipulate the outputDir argument to access or traverse directories outside the intended path.
Recommendations
Update to a version later than 0.4.7.
As a temporary workaround, restrict or validate the input provided to the outputDir argument in the arango backup() function.
Exploit
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Mcp-Server-Arangodb
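
One way to apply the temporary workaround of validating outputDir, shown as an added example that is not code from mcp-server-arangodb or this advisory. The helper names `resolveBackupDir` and `isAllowed` and the backup root `/srv/backups` are assumptions made for illustration.

```typescript
import * as path from "node:path";

// Hypothetical helper (not the project's own code): confine a caller-supplied
// outputDir to a fixed backup root chosen by the operator.
function resolveBackupDir(backupRoot: string, outputDir: string): string {
  if (typeof outputDir !== "string" || outputDir.length === 0) {
    throw new Error("outputDir must be a non-empty string");
  }
  if (outputDir.includes("\0")) {
    throw new Error("outputDir contains a NUL byte");
  }

  const root = path.resolve(backupRoot);
  // path.resolve collapses "." and ".." segments. An absolute outputDir
  // replaces the root entirely, which the containment check below rejects.
  const candidate = path.resolve(root, outputDir);

  // The relative path from root to candidate must not climb out of root.
  // path.isAbsolute covers the Windows case of a different drive letter.
  const rel = path.relative(root, candidate);
  if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new Error(`outputDir escapes backup root: ${outputDir}`);
  }

  // This check is lexical only: it does not resolve symlinks, so the backup
  // root itself should be a directory that only the service can write to.
  return candidate;
}

// Convenience wrapper returning a boolean instead of throwing.
function isAllowed(backupRoot: string, outputDir: string): boolean {
  try {
    resolveBackupDir(backupRoot, outputDir);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample inputs, checked against an assumed root of /srv/backups.
const samples = ["nightly/2026-05-04", "a/../b", "../etc", "/etc/cron.d", "x/../../y"];
for (const s of samples) {
  console.log(`${s} -> ${isAllowed("/srv/backups", s) ? "accepted" : "rejected"}`);
}
```

Call the helper before any directory is created or written, and pass only the returned path to the file-system calls.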