CVE-2026-7149 | dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d src/kaggle_mcp/server.py prepare_kaggle_dataset competition_id path traversal

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d and classified as critical. This vulnerability affects the function prepare_kaggle_dataset of the file src/kaggle_mcp/server.py. The manipulation of the argument competition_id leads to path traversal.

This vulnerability is uniquely identified as CVE-2026-7149. The attack is possible to be carried out remotely. Moreover, an exploit is present.

This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7149 | dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d src/kaggle_mcp/server.py prepare_kaggle_dataset competition_id path traversal

Post correlati

CVE-2026-27925 | Microsoft Windows up to Server 2025 use after free

CVE-2024-32839 | Ivanti EPM 2024/up to 2022 SU5 sql injection

CVE-2025-23405 | Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Applications neutralization for logs (icsma-25-058-01)

CVE-2026-32176 | Microsoft SQL Server 2016/2017/2019/2022/2025 sql injection