CVE-2026-7403 | geldata gel-mcp 0.1.0 src/gel_mcp/server.py list_rules/fetch_rule rule_name path traversal

Inserito da Angelo Barbosa | Apr 29, 2026 | CVE

A vulnerability, which was classified as critical, was found in geldata gel-mcp 0.1.0. This impacts the function list_rules/fetch_rule of the file src/gel_mcp/server.py. The manipulation of the argument rule_name results in path traversal.

This vulnerability was named CVE-2026-7403. The attack may be performed from remote. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7403 | geldata gel-mcp 0.1.0 src/gel_mcp/server.py list_rules/fetch_rule rule_name path traversal

Post correlati

CVE-2025-27323 | Jon Bishop WP About Author Plugin up to 1.5 on WordPress cross site scripting

CVE-2024-2943 | Campcodes Online Examination System 1.0 deleteExamExe.php id sql injection

CVE-2024-9976 | code-projects Pharmacy Management System 1.0 manage_customer.php?action=search text sql injection

CVE-2025-8612 | AOMEI Backupper Workstation link following