CVE-2026-7715 | ravenwits mcp-server-arangodb up to 0.4.7 MCP Interface src/tools.ts arango_backup outputDir path traversal

May 3, 2026 Yanac

A vulnerability described as critical has been identified in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arango_backup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal.

This vulnerability is referenced as CVE-2026-7715. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More