CVE-2025-66689
Path Traversal in Zen MCP Server Allows Arbitrary File Read
Publication date: 2026-01-12
Last updated on: 2026-01-12
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zen | mcp_server | 9.8.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-552 | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a path traversal flaw in Zen MCP Server versions before 9.8.2. It allows authenticated attackers to read arbitrary files on the system by bypassing the is_dangerous_path() validation function. The function attempts to block access to certain system directories using exact string matching against a blacklist, but attackers can circumvent this by accessing subdirectories within those blacklisted paths.
How can this vulnerability impact me?
An attacker who exploits this vulnerability can read arbitrary files on the affected system. This could lead to unauthorized disclosure of sensitive information, potentially compromising system security and privacy.
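The explanation above describes the weakness class: a blacklist compared by exact string match blocks a directory but not paths underneath it. The following constructed Python example (added here; it is not the real is_dangerous_path() from Zen MCP Server, and the BLOCKED_DIRS list and the /srv/zen/workspace root are assumptions) shows that weak check beside a prefix check that still misses ".." and symlinks, and beside a hardened allowlist check that resolves the path and requires containment under a permitted root.

```python
from pathlib import Path

# Constructed illustration of the flaw class; not the real is_dangerous_path()
# from Zen MCP Server, whose list and logic are not reproduced on this page.
BLOCKED_DIRS = ("/etc", "/proc", "/sys", "/root")


def is_dangerous_path_exact(user_path: str) -> bool:
    """Weak check: exact match of the whole path against a blacklist.
    "/etc" is rejected, but "/etc/passwd" is a different string and passes."""
    return user_path.rstrip("/") in BLOCKED_DIRS


def is_dangerous_path_prefix(user_path: str) -> bool:
    """Better but still insufficient: prefix match catches "/etc/passwd", yet a
    path that climbs out with ".." (or a symlink inside the workspace) escapes
    because the string never starts with a blocked directory."""
    normalized = user_path.rstrip("/") or "/"
    return any(normalized == d or normalized.startswith(d + "/") for d in BLOCKED_DIRS)


def is_dangerous_path_hardened(user_path: str, allowed_root: str = "/srv/zen/workspace") -> bool:
    """Allowlist containment: resolve ".." and symlinks on both the root and the
    candidate, then require the candidate to sit under the allowed root.
    Anything outside that root is treated as dangerous by default."""
    root = Path(allowed_root).resolve()
    candidate = Path(user_path)
    if not candidate.is_absolute():
        candidate = root / candidate  # relative input is interpreted under the root
    resolved = candidate.resolve()
    inside = resolved == root or root in resolved.parents
    return not inside
```

On a real server the allowed root would be the directory the tool is meant to serve, and the resolved path should be opened only after this check so that a symlink created between check and use cannot redirect the read.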