CVE-2026-7400 | geekgod382 filesystem-mcp-server 1.0.0 read_file_tool/write_file_tool server.py is_path_allowed path traversal

A vulnerability classified as critical was found in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is_path_allowed of the file server.py of the component read_file_tool/write_file_tool. Such manipulation leads to path traversal.

This vulnerability is uniquely identified as CVE-2026-7400. The attack can be launched remotely. Moreover, an exploit is present.

Upgrading the affected component is advised.VulDB Recent EntriesRead More