CVE-2026-7272 | WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca MCP Interface src/index.ts generate_matlab_code/execute_matlab_code scriptPath path traversal

A vulnerability classified as critical was found in WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The affected element is the function generate_matlab_code/execute_matlab_code of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument scriptPath can lead to path traversal.

This vulnerability is handled as CVE-2026-7272. The attack can be executed remotely. Additionally, an exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7272 | WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca MCP Interface src/index.ts generate_matlab_code/execute_matlab_code scriptPath path traversal

Post correlati

CVE-2024-3931 | Totara LMS 18.0.1 Build 20231128.01 Profile admin/roles/check.php ID Number cross site scripting

CVE-2025-62097 | SEOthemes SEO Slider Plugin up to 1.1.1 on WordPress cross site scripting

CVE-2024-54046 | Adobe Connect up to 11.4.7/12.6 cross site scripting (apsb24-99)

CVE-2022-49792 | Linux Kernel up to 5.10.155/5.15.79/6.0.9 iio out-of-bounds