CVE-2026-7445 | ZachHandley ZMCPTools up to 0.2.2 MCP Log Resource ResourceManager.ts dirname path traversal

A vulnerability was found in ZachHandley ZMCPTools up to 0.2.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/managers/ResourceManager.ts of the component MCP Log Resource Handler. The manipulation of the argument dirname leads to path traversal.

This vulnerability is referenced as CVE-2026-7445. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7445 | ZachHandley ZMCPTools up to 0.2.2 MCP Log Resource ResourceManager.ts dirname path traversal

Post correlati

CVE-2024-32937 | Grandstream GXP2135 1.0.9.129/1.0.11.74/1.0.11.79 CWMP SelfDefinedTimeZone os command injection (TALOS-2024-1978)

CVE-2025-47728 | Delta Electronics CNCSoft-G2 2.0.0.5/2.1.0.4/2.1.0.10/2.1.0.20 File out-of-bounds write (PCSA-2025-00007)

CVE-2024-34441 | Bootstrapped Ventures Easy Affiliate Links Plugin up to 3.7.2 on WordPress cross site scripting

CVE-2023-50212 | D-Link G416 httpd information disclosure (ZDI-23-1828)