CVE-2026-7627 | 8nite metatrader-4-mcp 1.0.0 sync_ea_from_file src/index.ts CallToolRequestSchema ea_name path traversal

A vulnerability, which was classified as critical, was found in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component sync_ea_from_file. Such manipulation of the argument ea_name leads to path traversal.

This vulnerability is uniquely identified as CVE-2026-7627. The attack can be launched remotely. Moreover, an exploit is present.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More