
A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file …

Published: 4 May 2026 at 22:00:00

Alert date: 5 May 2026 at 06:01:29

Source: nvd.nist.gov


Web Technologies, Supply Chain & Dependencies

A path traversal vulnerability (CVE-2026-7811) has been discovered in the 54yyyu code-mcp project, affecting all code up to commit 4cfc4643541a110c906d93635b391bf7e357f4a8. The flaw is in the is_safe_path function in src/code_mcp/server.py, part of the MCP File Handler component, and allows remote attackers to perform path traversal attacks. The exploit has been publicly disclosed and is available for use. The project uses rolling releases, making version tracking difficult. The maintainers were notified early through an issue report but have not yet responded.
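The advisory does not show the project's is_safe_path code. The following is an added example, not code from code-mcp or from the advisory, of what a containment check for a file handler has to get right. The function names is_safe_path_weak, is_safe_path_strict and compare_checks, the directory layout and the weak pattern itself are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def is_safe_path_weak(base_dir: str, requested: str) -> bool:
    # Hypothetical weak pattern (not the project's code): normalises "..",
    # but compares strings and never resolves symlinks.
    full = os.path.abspath(os.path.join(base_dir, requested))
    return full.startswith(os.path.abspath(base_dir))


def is_safe_path_strict(base_dir: str, requested: str) -> bool:
    # Resolve "..", absolute inputs and symlinks first, then test containment
    # on whole path components rather than on a string prefix.
    base = Path(base_dir).resolve()
    try:
        target = (base / requested).resolve()
    except (OSError, RuntimeError, ValueError):  # unresolvable input: deny
        return False
    return target == base or base in target.parents


def compare_checks() -> dict:
    # Constructed layout: an allowed root, a sibling directory that shares
    # the root's name as a string prefix, and a symlink leaving the root.
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "project")
        sibling = os.path.join(tmp, "project-secrets")
        os.makedirs(os.path.join(root, "src"))
        os.makedirs(sibling)
        os.symlink(sibling, os.path.join(root, "link"))
        cases = {
            "inside": "src/main.py",
            "sibling_prefix": "../project-secrets/key.pem",
            "symlink_escape": "link/key.pem",
            "absolute": "/etc/passwd",
        }
        return {name: (is_safe_path_weak(root, p), is_safe_path_strict(root, p))
                for name, p in cases.items()}


if __name__ == "__main__":
    for name, (weak, strict) in compare_checks().items():
        print(f"{name:15} weak={weak!s:5} strict={strict}")
```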

Technical details

Mitigation steps:

Affected products:

code-mcp

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information originating from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
