Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.8 views

CVE-2026-27735

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

6.4CVSS5.4AI score0.00287EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/26 3:16 p.m.44 views

mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. The tool used GitPython's repo.index.add, which did not enforce working-tree boundary checks for relative paths. As a result,...

6.5CVSS5.4AI score0.00287EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/02/26 3:16 p.m.12 views

EUVD-2026-8770

mcp-server-git : Path traversal in gitadd allows staging files outside repository boundaries...

6.4CVSS5.2AI score0.00287EPSS
Exploits0References4
OSV
OSV
added 2026/02/26 3:16 p.m.7 views

GHSA-VJQX-CFC4-9H6V mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. The tool used GitPython's repo.index.add, which did not enforce working-tree boundary checks for relative paths. As a result,...

6.4CVSS5.6AI score0.00287EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.8 views

Model Context Protocol Servers 路径遍历漏洞

Model Context Protocol Servers are open-source large-scale context protocol servers under the Model Context Protocol. Versions prior to 2026.1.14 of Model Context Protocol Servers had a path traversal vulnerability. This vulnerability stemmed from the gitadd tool not verifying whether the file...

6.5CVSS5.8AI score0.00287EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/25 11:45 p.m.23 views

CVE-2026-27735 mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

6.4CVSS0.00287EPSS
Exploits0References2
OSV
OSV
added 2026/02/25 11:45 p.m.5 views

CVE-2026-27735 mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

6.4CVSS5.5AI score0.00287EPSS
Exploits0References4
CVE
CVE
added 2026/02/25 11:45 p.m.19 views

CVE-2026-27735

CVE-2026-27735 affects the Model Context Protocol Servers (mcp-server-git) prior to version 2026.1.14. The git_add tool did not validate that file paths in the files argument stay within the repository, because it used GitPython's repo.index.add() instead of the Git CLI. This allowed relative pat...

6.5CVSS5.4AI score0.00287EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/25 11:45 p.m.4 views

CVE-2026-27735 mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

6.4CVSS5.9AI score0.00287EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.9 views

PT-2026-22055

Name of the Vulnerable Software and Affected Versions mcp-server-git versions prior to 2026.1.14 Description The Model Context Protocol Servers software contains an issue where the git add tool does not properly validate file paths provided in the files argument. This allows relative paths...

6.5CVSS5.8AI score0.00287EPSS
Exploits0References13
Rows per page
Query Builder