CVE-2026-7400 - geekgod382 filesystem-mcp-server read_file_tool/write_file_tool server.py is_path_allowed path traversal
CVE ID :CVE-2026-7400 Published : April 29, 2026, 7 p.m. | 40 minutes ago Description :A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is_path_allowed of the file server.py of the component read_file_tool/write_file_tool. Su
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] SWEAT protocol thwarts multi-million dollar exploit, restores user balances
- [CYBER] CVE-2026-7408 - SourceCodester Pizzafy Ecommerce System ajax.php save_menu sql injection
- [CYBER] CVE-2026-7407 - SourceCodester Pizzafy Ecommerce System Setting ajax.php save_settings sql injection
- [CYBER] CVE-2026-7404 - getsimpletool mcpo-simple-server base_manager.py delete_shared_prompt path traversal
- [CYBER] CVE-2026-7403 - geldata gel-mcp server.py fetch_rule path traversal
- [CYBER] CVE-2026-1858 - wget2 Improper Certificate Validation