CVE-2026-7811 | 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8 MCP File src/code_mcp/server.py is_safe_path path traversal

A vulnerability labeled as critical has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/code_mcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal.

This vulnerability is referenced as CVE-2026-7811. It is possible to launch the attack remotely. Furthermore, an exploit is available.

This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7811 | 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8 MCP File src/code_mcp/server.py is_safe_path path traversal

Post correlati

CVE-2025-15184 | code-projects Refugee Food Management System 1.0 refugeesreport2.php a sql injection

CVE-2025-4507 | Campcodes Online Food Ordering System 1.0 /routers/add-item.php price sql injection

CVE-2025-0765 | GitLab Community Edition/Enterprise Edition up to 18.0.4/18.1.2/18.2.0 Service Desk Email Address authorization

CVE-2024-41778 | IBM Controller up to 11.0.1/11.1.0 User Account weak password