CVE-2026-7627 | 8nite metatrader-4-mcp 1.0.0 sync_ea_from_file src/index.ts CallToolRequestSchema ea_name path traversal

A vulnerability, which was classified as critical, was found in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component sync_ea_from_file. Such manipulation of the argument ea_name leads to path traversal.

This vulnerability is uniquely identified as CVE-2026-7627. The attack can be launched remotely. Moreover, an exploit is present.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7627 | 8nite metatrader-4-mcp 1.0.0 sync_ea_from_file src/index.ts CallToolRequestSchema ea_name path traversal

Post correlati

CVE-2025-4903 | D-Link DI-7003GV2 24.04.18D1 R(68125) sub_41F4F0 unverified password change

CVE-2025-66150 | merkulove Appender Plugin up to 1.1.1 on WordPress authorization

CVE-2024-22349 | IBM UrbanCode Velocity/DevOps Velocity web browser cache containing sensitive information

CVE-2024-8566 | code-projects Online Shop Store 1.0 /settings.php error cross site scripting