PT-2026-36972 · Code-Mcp · Code-Mcp
Cpt_Penner
·
Published
2026-05-05
·
Updated
2026-05-05
·
CVE-2026-7811
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
54yyyu code-mcp versions up to 4cfc4643541a110c906d93635b391bf7e357f4a8
Description
An issue in the MCP File Handler component allows remote attackers to perform path traversal, which is a technique used to access files and directories outside the intended folder. The flaw exists within the
is safe path() function located in the src/code mcp/server.py file.Recommendations
As a temporary workaround, consider restricting the use of the
is safe path() function until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Code-Mcp