4 matches found
CVE-2026-33989
Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobilesavescreenshot and mobilestartscreenrecording tools. The saveTo and output parameters were passed directly to...
Directory Traversal
Overview @mobilenext/mobile-mcp is a Mobile MCP Affected versions of this package are vulnerable to Directory Traversal via the saveTo and output parameters in the mobilesavescreenshot and mobilestartscreenrecording tools. An attacker can overwrite arbitrary files on the host system by supplying...
@mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools
Summary The @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobilesavescreenshot and mobilestartscreenrecording tools. The saveTo and output parameters were passed directly to filesystem operations without validation, allowing an attacker to write files outside the...
GHSA-3P2M-H2V6-G9MX @mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools
Summary The @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobilesavescreenshot and mobilestartscreenrecording tools. The saveTo and output parameters were passed directly to filesystem operations without validation, allowing an attacker to write files outside the...