Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-27735 is a path traversal vulnerability in the git_add tool of the mcp-server-git package, affecting versions prior to 2026.1.14. The vulnerability occurs because the tool does not validate that file paths provided in the files argument remain within the repository boundaries. It uses GitPython's repo.index.add() method, which accepts relative paths containing '../' sequences that resolve outside the repository. This allows an attacker to stage files located outside the repository into the Git index."}, {'type': 'paragraph', 'content': "The issue is caused by improper limitation of a pathname to a restricted directory (CWE-22), where special elements like '../' are not properly neutralized, enabling path traversal outside the intended directory."}, {'type': 'paragraph', 'content': "The vulnerability was fixed in version 2026.1.14 by switching from GitPython's repo.index.add() to repo.git.add(), which uses the Git CLI and properly rejects out-of-tree paths."}] [1, 2]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by allowing an attacker to stage files located outside the repository boundaries into the Git index. This can lead to unauthorized staging and committing of files that are outside the intended repository scope.

As a result, sensitive files outside the repository could be exfiltrated through subsequent commit and push operations, potentially exposing confidential information.

The CVSS v4 base score rates this vulnerability as Moderate (6.4), with a network attack vector, low attack complexity, no required privileges, and no user interaction needed. The impact on confidentiality and integrity is considered high due to the potential unauthorized access and manipulation of files.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves the git_add tool accepting relative paths with `../` sequences that resolve outside the repository boundaries and staging them into the Git index. To detect this on your system, you can check the staged files in your Git index for any paths that traverse outside the repository directory.

One approach is to inspect the Git index for files with path components containing `../` or files that are located outside the expected repository structure.

• Use the command `git ls-files --stage` to list all staged files and their paths.
• Manually review the output for any suspicious paths containing `../` or paths that do not reside within the repository directory.
• Alternatively, use scripting to parse the output of `git ls-files --stage` and flag any entries with path traversal sequences.

Useful 0 Not Useful 0

Mitigation Strategies

[{'type': 'paragraph', 'content': "The primary mitigation step is to upgrade the mcp-server-git package to version 2026.1.14 or newer, where the vulnerability is fixed by switching from GitPython's `repo.index.add()` to the Git CLI, which properly validates file paths."}, {'type': 'paragraph', 'content': 'Until the upgrade can be applied, avoid using the vulnerable git_add tool with untrusted input that may contain relative paths with `../` sequences.'}, {'type': 'paragraph', 'content': 'Review and clean the Git index to remove any staged files that may have been added outside the repository boundaries.'}, {'type': 'paragraph', 'content': 'Implement strict input validation on any scripts or tools that interact with the git_add functionality to ensure file paths do not escape the repository directory.'}] [1, 2]

Useful 0 Not Useful 0