CVE-2026-7213
Received - Intake
Path Traversal in ef10007 MLOps_MCP save_file Tool

Publication date: 2026-04-28

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was detected in ef10007 MLOps_MCP 1.0.0. This impacts an unknown function of the file fastmcp_server.py of the component save_file Tool. The manipulation of the argument filename/destination results in path traversal. The attack can be performed remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Meta Information
Published: 2026-04-28
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2026-04-28
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: ef10007
Product: mlops_mcp
Version / Range: 1.0.0
CWE
CWE ID: CWE-22
Description: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability CVE-2026-7213 exists in the MLOps_MCP tool, specifically in the save_file function within the fastmcp_server.py file. It arises because the destination path for saving files is constructed using os.path.join(os.getcwd(), destination) without properly validating or canonicalizing the destination parameter.

This improper handling allows an attacker to supply absolute paths or relative path traversal sequences (like ../../) in the destination parameter, enabling them to write files outside the intended project workspace directory.

The server creates directories and writes files at attacker-controlled locations without sanitization, which means an attacker who can invoke the save_file tool and has write permissions can overwrite or create arbitrary files on the system.


How can this vulnerability impact me?

This vulnerability can have several impacts:

  • Integrity impact is high because an attacker can create or overwrite arbitrary files outside the intended workspace.
  • Availability impact is medium due to the possibility of overwriting operational files or exhausting disk space.

Confidentiality impact is not directly observed from this vulnerability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for attempts to invoke the save_file function with absolute paths or relative path traversal sequences in the destination parameter. Specifically, look for JSON-RPC requests containing destination values with patterns like absolute paths (e.g., starting with /) or traversal sequences such as ../../.

You can detect exploitation attempts by capturing and inspecting network traffic for such JSON-RPC requests targeting the MLOps_MCP service.

Suggested commands to detect suspicious activity include:

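  • Using tcpdump or Wireshark to capture traffic on the relevant port and filter for JSON-RPC requests.
  • Example tcpdump command: tcpdump -l -A -s 0 'tcp port <MLOps_MCP_port>' | grep -E '"destination"[[:space:]]*:[[:space:]]*"(/|[^"]*\.\./)'
  • Using grep or similar tools on server logs to find requests containing absolute paths or traversal sequences in the destination parameter.
  • Example log search command: grep -E '"destination"[[:space:]]*:[[:space:]]*"(/|[^"]*\.\./)' /path/to/mlops_mcp_logs.log

The pattern matches only a destination value that starts with / or contains ../, so ordinary relative paths that merely contain a slash (such as data/models) are not flagged.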
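
A regex over raw text cannot tell a save_file call from any other request that happens to carry a destination field, and it ignores the filename argument. The following added example (not part of the original page or the MLOps_MCP project) parses each request instead; it assumes requests are logged one JSON object per line in the MCP `tools/call` shape, and the sample lines are constructed.

```python
import json
from pathlib import PurePosixPath, PureWindowsPath

# Constructed sample log: one JSON-RPC request per line (assumed format).
SAMPLE_LOG = r'''
{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"save_file","arguments":{"filename":"model.pkl","destination":"data/models"}}}
{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"save_file","arguments":{"filename":"x.txt","destination":"../../tmp/outside"}}}
{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"save_file","arguments":{"filename":"x.txt","destination":"/tmp/outside"}}}
{"jsonrpc":"2.0","id":4,"method":"tools/call","params":{"name":"list_files","arguments":{"destination":"../other"}}}
not json at all
{"jsonrpc":"2.0","id":5,"method":"tools/call","params":{"name":"save_file","arguments":{"filename":"..\\..\\evil.txt","destination":"data"}}}
'''.strip()

def is_suspicious(value):
    """True for rooted/absolute paths or any '..' component (POSIX or Windows)."""
    if not isinstance(value, str):
        return True  # a non-string path argument is anomalous in itself
    posix, win = PurePosixPath(value), PureWindowsPath(value)
    if posix.is_absolute() or win.drive or win.root:
        return True
    return ".." in posix.parts or ".." in win.parts

def scan(lines):
    """Return (line number, request id, argument, value) for flagged save_file calls."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        try:
            msg = json.loads(line)
        except json.JSONDecodeError:
            continue  # not a JSON-RPC line
        if not isinstance(msg, dict) or msg.get("method") != "tools/call":
            continue
        params = msg.get("params")
        if not isinstance(params, dict) or params.get("name") != "save_file":
            continue
        args = params.get("arguments")
        if not isinstance(args, dict):
            continue
        for key in ("filename", "destination"):
            if key in args and is_suspicious(args[key]):
                hits.append((lineno, msg.get("id"), key, args[key]))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit)
```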

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include:

  • Reject absolute paths and path traversal tokens in the destination parameter to prevent directory escape.
  • Restrict all saved files to a fixed allowlisted directory, such as a dedicated workspace folder (e.g., data/).
  • Run the MCP server under a low-privilege account with limited write permissions to minimize impact.
  • Disable the save_file functionality for untrusted workflows until a patch or fix is applied.

Longer term, the recommended fix is to canonicalize and validate the destination path to ensure it remains within the workspace root before creating directories or writing files.
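
The unvalidated join described earlier and the canonicalize-then-validate fix recommended here, side by side, as an added example that is not the project's code: the function names, the `workspace` parameter (standing in for os.getcwd()) and the test inputs are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

def vulnerable_target(workspace, destination, filename):
    # Pattern the page describes: plain join, no validation.
    return os.path.join(workspace, destination, filename)

def safe_target(workspace, destination, filename):
    """Return the canonical target path, or raise ValueError if it escapes."""
    root = Path(workspace).resolve()
    # The file name must be a single path component.
    if (not filename or filename in (".", "..") or "\\" in filename
            or Path(filename).name != filename):
        raise ValueError(f"invalid filename: {filename!r}")
    # resolve() collapses '..' and follows symlinks; an absolute
    # destination replaces root in the join and fails the check below.
    candidate = (root / destination / filename).resolve()
    if root not in candidate.parents:
        raise ValueError(f"path escapes workspace: {destination!r}")
    return candidate

def save_file(workspace, destination, filename, data):
    target = safe_target(workspace, destination, filename)  # validate first
    target.parent.mkdir(parents=True, exist_ok=True)  # only then touch disk
    target.write_bytes(data)
    return target

def demo():
    """Run constructed inputs against a throwaway workspace."""
    with tempfile.TemporaryDirectory() as tmp:
        ws, outside = Path(tmp, "workspace"), Path(tmp, "outside")
        ws.mkdir()
        outside.mkdir()
        os.symlink(outside, ws / "link")  # symlink leading out of the workspace
        cases = {"in-workspace": "data/models", "traversal": "../outside",
                 "absolute": str(outside), "symlink": "link"}
        results = {}
        for label, dest in cases.items():
            try:
                save_file(ws, dest, "m.bin", b"x")
                results[label] = "written"
            except ValueError:
                results[label] = "rejected"
        # The unvalidated join lands outside the workspace for the same input.
        lexical = os.path.normpath(vulnerable_target(ws, "../outside", "m.bin"))
        return results, lexical == str(outside / "m.bin"), any(outside.iterdir())

if __name__ == "__main__":
    print(demo())
```

The check runs before any directory is created, and it does not remove the need for the low-privilege account listed above: a symlink planted between validation and write can still redirect the write.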


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows arbitrary file write outside the intended workspace via path traversal, which can lead to high integrity impact by overwriting or creating files outside the controlled environment.

While no direct confidentiality breach is observed, the ability to manipulate files arbitrarily can undermine data integrity and availability, potentially affecting compliance with standards like GDPR and HIPAA that require protection of data integrity and availability.

Specifically, unauthorized file writes could lead to unauthorized modification or disruption of data or system files, which may violate regulatory requirements for data protection, auditability, and system reliability.

Mitigations such as restricting file writes to allowlisted directories and running the server under low-privilege accounts are recommended to reduce compliance risks.

