CVE-2026-40576 | haris-musa excel-mcp-server up to 0.1.7 get_excel_path filepath path traversal (GHSA-j98m-w3xp-9f56)

A vulnerability categorized as critical has been discovered in haris-musa excel-mcp-server up to 0.1.7. This affects the function get_excel_path. Such manipulation of the argument filepath leads to path traversal.

This vulnerability is referenced as CVE-2026-40576. It is possible to launch the attack remotely. No exploit is available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More