CVE-2026-27735
Path Traversal Vulnerability in MCP git_add Allows Repository Escape
Publication date: 2026-02-26
Last updated on: 2026-04-14
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lfprojects | model_context_protocol_servers | up to 2026.1.14 (excluding) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-27735 is a path traversal vulnerability in the git_add tool of the mcp-server-git package, affecting versions prior to 2026.1.14. The vulnerability occurs because the tool does not validate that file paths provided in the files argument remain within the repository boundaries. It uses GitPython's repo.index.add() method, which accepts relative paths containing '../' sequences that resolve outside the repository. This allows an attacker to stage files located outside the repository into the Git index.

The issue is caused by improper limitation of a pathname to a restricted directory (CWE-22), where special elements like '../' are not properly neutralized, enabling path traversal outside the intended directory.

The vulnerability was fixed in version 2026.1.14 by switching from GitPython's repo.index.add() to repo.git.add(), which uses the Git CLI and properly rejects out-of-tree paths. [1, 2]
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker to stage files located outside the repository boundaries into the Git index. This can lead to unauthorized staging and committing of files that are outside the intended repository scope.
As a result, sensitive files outside the repository could be exfiltrated through subsequent commit and push operations, potentially exposing confidential information.
The CVSS v4 base score rates this vulnerability as Moderate (6.4), with a network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact on confidentiality and integrity is rated high because of the potential for unauthorized access to and manipulation of files.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the git_add tool accepting relative paths with `../` sequences that resolve outside the repository boundaries and staging them into the Git index. To detect this on your system, you can check the staged files in your Git index for any paths that traverse outside the repository directory.
One approach is to inspect the Git index for files with path components containing `../` or files that are located outside the expected repository structure.
- Use the command `git ls-files --stage` to list all staged files and their paths.
- Manually review the output for any suspicious paths containing `../` or paths that do not reside within the repository directory.
- Alternatively, use scripting to parse the output of `git ls-files --stage` and flag any entries with path traversal sequences.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade the mcp-server-git package to version 2026.1.14 or newer, where the vulnerability is fixed by switching from GitPython's `repo.index.add()` to the Git CLI, which properly validates file paths.

Until the upgrade can be applied, avoid using the vulnerable git_add tool with untrusted input that may contain relative paths with `../` sequences.

Review and clean the Git index to remove any staged files that may have been added outside the repository boundaries.

Implement strict input validation on any scripts or tools that interact with the git_add functionality to ensure file paths do not escape the repository directory. [1, 2]
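As an added example that is not part of this advisory or of the mcp-server-git project, the script below parses `git ls-files --stage` output to flag index entries that resolve outside the repository (the detection step above) and reuses the same containment check as a caller-side guard for git_add paths (the input-validation mitigation above). The sample index listing and the `/srv/mcp-repo` root are constructed, and `validate_add_paths` and `audit_index` are hypothetical helpers, not upstream code.

```python
import subprocess
from pathlib import Path

# Constructed sample of `git ls-files --stage` output (mode, object name, stage, TAB, path);
# the last two entries are the kind of out-of-tree paths this CVE lets git_add stage.
SAMPLE_LS_FILES_STAGE = (
    "100644 e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 0\tREADME.md\n"
    "100644 e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 0\tsrc/server.py\n"
    "100644 e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 0\t../../etc/passwd\n"
    "100644 e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 0\tdocs/../../secret.key\n"
)


def parse_ls_files_stage(output: str) -> list[str]:
    """Return the path column of each non-empty `git ls-files --stage` line."""
    # The three metadata fields are space separated; a single tab precedes the path.
    return [line.split("\t", 1)[1] for line in output.splitlines() if line.strip()]


def escapes_repo(repo_root: str, path: str) -> bool:
    """True if `path` (repo-relative or absolute) resolves outside repo_root."""
    root = Path(repo_root).resolve()
    # resolve() collapses '..' components and follows symlinks, so a lexically
    # in-tree path that points elsewhere on disk is caught too; an absolute
    # `path` replaces `root` in the join and is judged on its own location.
    target = (root / path).resolve()
    return target != root and root not in target.parents


def flag_traversal_entries(ls_files_output: str, repo_root: str) -> list[str]:
    """Index paths from `git ls-files --stage` output that live outside the repository."""
    return [p for p in parse_ls_files_stage(ls_files_output) if escapes_repo(repo_root, p)]


def validate_add_paths(repo_root: str, files: list[str]) -> list[str]:
    """Caller-side guard for git_add: reject any path that escapes the repository."""
    # Hypothetical wrapper for deployments that cannot yet upgrade; not the upstream fix.
    bad = [f for f in files if escapes_repo(repo_root, f)]
    if bad:
        raise ValueError(f"paths escape repository {repo_root}: {bad}")
    return files


def audit_index(repo_root: str) -> list[str]:
    """Run `git ls-files --stage` in a real checkout and return escaping entries."""
    proc = subprocess.run(["git", "-C", repo_root, "ls-files", "--stage"],
                          capture_output=True, text=True, check=True)
    return flag_traversal_entries(proc.stdout, repo_root)
```

Run `audit_index` against each checkout an MCP git server can reach; any returned path is an index entry to remove before it is committed or pushed.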