CVE-2026-33989 | mobile-next mobile-mcp up to 0.0.48 Fileystem Operation saveTo/output path traversal (GHSA-3p2m-h2v6-g9mx)

A vulnerability was found in mobile-next mobile-mcp up to 0.0.48 and classified as critical. The impacted element is the function mobile_save_screenshot/mobile_start_screen_recording of the component Fileystem Operation Handler. Executing a manipulation of the argument saveTo/output can lead to path traversal.

The identification of this vulnerability is CVE-2026-33989. The attack may be launched remotely. There is no exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More