CVE-2026-33989 | mobile-next mobile-mcp up to 0.0.48 Fileystem Operation saveTo/output path traversal (GHSA-3p2m-h2v6-g9mx)

Inserito da Angelo Barbosa | Mar 27, 2026 | CVE

A vulnerability was found in mobile-next mobile-mcp up to 0.0.48 and classified as critical. The impacted element is the function mobile_save_screenshot/mobile_start_screen_recording of the component Fileystem Operation Handler. Executing a manipulation of the argument saveTo/output can lead to path traversal.

The identification of this vulnerability is CVE-2026-33989. The attack may be launched remotely. There is no exploit available.

It is suggested to upgrade the affected component.

CVE-2026-33989 | mobile-next mobile-mcp up to 0.0.48 Fileystem Operation saveTo/output path traversal (GHSA-3p2m-h2v6-g9mx)

Post correlati

CVE-2026-22281 | Dell PowerScale OneFS up to 9.13.0.0 toctou (dsa-2026-049)

CVE-2026-2002 | Forminator Forms Plugin up to 1.50.2 on WordPress form_name cross site scripting

CVE-2024-49227 | Innovaweb Free Stock Photos Foter Plugin up to 1.5.4 on WordPress deserialization

CVE-2024-57995 | Linux Kernel up to 6.13.1 ath12k_mac_assign_vif_to_vdev use after free