CVE-2026-7149
Path Traversal in dexhunter kaggle-mcp Enables Remote Exploitation
Publication date: 2026-04-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dexhunter | kaggle-mcp | to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a path traversal issue found in the dexhunter kaggle-mcp tool, specifically in the function prepare_kaggle_dataset within src/kaggle_mcp/server.py.
The problem arises because the competition_id argument, which should be a simple Kaggle competition identifier, is improperly handled as a filesystem path fragment without validation.
An attacker can supply a crafted competition_id containing path traversal sequences (like ../../../../tmp/kaggle-poc), causing the server to create directories outside the intended data cache directory.
This directory creation happens before any Kaggle API download or extraction, meaning the attacker can create arbitrary directories remotely without authentication or user interaction.
The vulnerability allows arbitrary directory creation and potentially extraction of files into attacker-controlled locations on the filesystem.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an attacker to create and populate directories anywhere on the filesystem where the server has write permissions.
This can lead to high integrity impact because attackers can place files or directories outside the intended application data area.
Confidentiality impact is low to medium depending on whether the attacker can access or expose extracted files.
Availability impact is medium since the attacker could clutter the filesystem or interfere with the application's state by creating unexpected directories.
Overall, the vulnerability allows remote attackers to manipulate the filesystem structure, which can disrupt normal operation or be leveraged for further attacks.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for unauthorized or unexpected directory creation outside the intended data cache directory by the kaggle-mcp server. Specifically, look for directories created with names containing path traversal sequences or unexpected locations such as /tmp/kaggle-poc.
Since the vulnerability involves the manipulation of the competition_id argument leading to path traversal, monitoring logs or network traffic for JSON-RPC requests invoking prepare_kaggle_dataset with suspicious competition_id values containing sequences like '../' or absolute paths can help detect exploitation attempts.
Suggested commands to detect suspicious directories or files created by exploitation attempts include:
- Find directories created outside the expected data directory (example: /tmp/kaggle-poc): find /tmp -type d -name '*kaggle*'
- Search for suspicious JSON-RPC requests in server logs containing path traversal patterns: grep -E '\.\./|/|\\' /path/to/kaggle-mcp/logs/*
- Monitor active network connections or traffic to the kaggle-mcp server for unusual payloads targeting prepare_kaggle_dataset.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include validating the competition_id parameter strictly to prevent path traversal. This can be done by enforcing a regex pattern such as ^[a-z0-9][a-z0-9-]*$ to ensure only valid Kaggle competition slugs are accepted.
Normalize and resolve the final dataset path and ensure it does not escape the fixed data/ base directory by using path resolution methods and enforcing that the target path is a subpath of the base directory.
Run the kaggle-mcp server under a low-privilege user account with a sandboxed writable data directory to limit the impact of any directory creation outside intended locations.
Additionally, apply any available patches or updates from the project repository once they are released, and consider adding regression tests to detect path traversal payloads.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows remote attackers to perform path traversal and arbitrary directory creation outside the intended data cache directory. This can lead to unauthorized creation and population of directories, potentially exposing or manipulating files outside the expected scope.
From a compliance perspective, this could impact confidentiality and integrity of data, which are critical aspects of standards like GDPR and HIPAA. Specifically, the confidentiality impact is assessed as low to medium depending on exposure of extracted files, and integrity impact is high due to unauthorized directory creation.
Such unauthorized access and manipulation could lead to violations of data protection requirements, unauthorized data exposure, or tampering, thereby affecting compliance with regulations that mandate strict control over data access and integrity.