10 matches found
CVE-2026-7237
A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument filepath results in path traversal. The attack may be...
CVE-2026-7237
A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument filepath results in path traversal. The attack may be...
CVE-2026-7237
Technical details about CVE-2026-7237 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-7237 AgiFlow scaffold-mcp write-to-file Tool index.ts path traversal
A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument filepath results in path traversal. The attack may be...
CVE-2026-7237
A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument filepath results in path traversal. The attack may be...
CVE-2026-7237 AgiFlow scaffold-mcp write-to-file Tool index.ts path traversal
A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument filepath results in path traversal. The attack may be...
EUVD-2026-26008
A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument filepath results in path traversal. The attack may be...
PT-2026-35682
A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument file path results in path traversal. The attack may b...
scaffold-mcp 路径遍历漏洞
Scaffold-mcp is a scaffolding tool developed by AgiFlow for quickly building model context protocols. Versions of scaffold-mcp 1.0.27 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the filepath parameter in the packages/scaffold-mcp/src/server/index.ts file...
@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.1.0) +96 more potentially affected by CVE-2026-41311 via liquidjs (>=10.10.0 <=10.25.6)
liquidjs NPM version =10.10.0, =0.6.0, =0.1.0, =0.0.0, =0.5.5, =0.8.0, =1.0.1, =1.6.3, =3.11.0, =3.11.0, =3.11.0, =1.0.0-beta.1, =1.0.0-beta.4 - @clairview/api =23.1.0 and more Source cves: CVE-2026-41311 Source advisory: OSV:GHSA-4RC3-7J7W-M548...