Directory Traversal

Overview mcp-server-git is an A Model Context Protocol server providing tools to read, search, and manipulate Git repositories programmatically via LLMs Affected versions of this package are vulnerable to Directory Traversal via the gitadd function. An attacker can access and stage files outside...

mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. The tool used GitPython's repo.index.add, which did not enforce working-tree boundary checks for relative paths. As a result,...

GHSA-VJQX-CFC4-9H6V mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. The tool used GitPython's repo.index.add, which did not enforce working-tree boundary checks for relative paths. As a result,...

Improper Configuration Control

weblate is vulnerable to improper configuration control. The vulnerability is due to the ability to remotely overwrite Git configuration, which allows an attacker to modify repository behavior and potentially manipulate project operations...

CVE-2026-27735

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

CVE-2026-27735

CVE-2026-27735 affects the Model Context Protocol Servers (mcp-server-git) prior to version 2026.1.14. The git_add tool did not validate that file paths in the files argument stay within the repository, because it used GitPython's repo.index.add() instead of the Git CLI. This allowed relative pat...

CVE-2026-27735 mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

CVE-2026-27735

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

CVE-2026-27735 mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

CVE-2026-27498

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

CVE-2026-27498 n8n has Arbitrary Command Execution via File Write and Git Operations

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

CVE-2026-27498

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

CVE-2026-27498 n8n has Arbitrary Command Execution via File Write and Git Operations

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

CVE-2026-27498 n8n has Arbitrary Command Execution via File Write and Git Operations

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

CVE-2026-27498

A connected PT-Security report identifies CVE-2026-27498 as a remote code execution (RCE) vulnerability affecting n8n. The excerpt confirms the vulnerability type but provides no version, root cause, exploit details, or confirmed remediation in the supplied documents. No explicit mitigations or p...

EUVD-2026-8760

n8n has Arbitrary Command Execution via File Write and Git Operations...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the readWriteFile node in combination with git operations. An attacker can execute arbitrary commands on the host system by writing to specific configuration files and triggering a git operation. This is onl...

n8n has Arbitrary Command Execution via File Write and Git Operations

Impact An authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration files and then triggering a git operation, the attacker could execute arbitrary she...

Arbitrary Code Injection

Overview n8n-core is a Core functionality of n8n Affected versions of this package are vulnerable to Arbitrary Code Injection via the readWriteFile node in combination with git operations. An attacker can execute arbitrary commands on the host system by writing to specific configuration files and...

GHSA-X2MW-7J39-93XQ n8n has Arbitrary Command Execution via File Write and Git Operations

Impact An authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration files and then triggering a git operation, the attacker could execute arbitrary she...