2 matches found
CVE-2026-61462
mcp-gitlab contains a path traversal vulnerability in the jobid parameter of build/index.js that allows attackers to redirect GitLab API requests to arbitrary endpoints. Attackers can supply crafted jobid values like ../../../user to escape the intended path prefix and access arbitrary GitLab API...
CVE-2026-61462
CVE-2026-61462 affects mcp-gitlab. A path traversal weakness exists in the build/index.js job_id parameter, allowing an attacker to escape the intended path prefix (e.g., using ../../../user) and redirect GitLab API requests to arbitrary endpoints. This can enable access to arbitrary GitLab API r...