A flaw has been found in WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The affected element is the function generate_matlab_c…

A path traversal vulnerability has been discovered in WilliamCloudQi matlab-mcp-server up to commit ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The flaw affects the generate_matlab_code/execute_matlab_code functions in src/index.ts of the MCP Interface component. Attackers can manipulate the scriptPath argument to achieve path traversal. The vulnerability can be exploited remotely and a public exploit has been published. The project maintainers have been notified through an issue report but have not yet responded to the security disclosure.