CVE-2026-7214
Path Traversal in eghuzefa engineer-your-data Server Module
Publication date: 2026-04-28
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eghuzefa | engineer-your-data | to 0.1.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the "engineer-your-data" project up to version 0.1.3, specifically in the file operations functions read_file, write_file, list_files, and file_info within src/server.py and related files.
The core issue is that these file operation tools do not enforce the configured workspace root boundary defined by the environment variable WORKSPACE_PATH. Instead, they accept arbitrary file paths from callers and operate on them directly without validating whether the paths reside within the designated workspace directory.
This lack of path validation allows an attacker to perform path traversal attacks, accessing or modifying files outside the intended workspace directory. For example, an attacker can read sensitive system files like /etc/hosts or write arbitrary files anywhere the service account has permission.
The vulnerability can be exploited remotely by sending crafted JSON-RPC requests to the affected file operation functions.
How can this vulnerability impact me? :
This vulnerability can have significant security impacts including:
- Confidentiality impact: Attackers can read arbitrary files on the system, potentially exposing sensitive information.
- Integrity impact: Attackers can write or modify arbitrary files, potentially altering data or injecting malicious content.
- Availability impact: Arbitrary writes can disrupt local workflows or system operations, causing partial denial of service.
The exploit can be performed remotely without authentication, increasing the risk of unauthorized access and manipulation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to invoke the exposed MCP file operation tools with file paths outside the configured workspace boundary. For example, sending a JSON-RPC request to the read_file function with an absolute path such as "/etc/hosts" can reveal if path traversal is possible.
A practical detection method is to test if the service responds to file operation requests with paths outside the intended workspace. If the service returns file contents or allows writing to arbitrary paths, the vulnerability is present.
- Send a JSON-RPC request to read_file with "file_path": "/etc/hosts" and check if the contents of /etc/hosts are returned.
- Attempt to write a file outside the workspace using write_file, for example writing to "/tmp/engineer_your_data_poc.json".
- Check if list_files or file_info commands accept paths outside the workspace and return information about those files.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include enforcing the workspace root directory boundary for all file operations and restricting the permissions of the service account.
- Configure the service to strictly enforce WORKSPACE_PATH as the root directory and reject any file paths that escape this boundary, including absolute paths and directory traversal sequences.
- Run the service under a restricted user account with limited file system permissions to minimize potential damage.
- Disable file-writing tools in untrusted or exposed environments until a proper fix is applied.
- Use allowlists to restrict which paths can be read or written by the service.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows attackers to read and write arbitrary files on the system by bypassing the intended workspace boundary restrictions. Such unauthorized access and modification of files can lead to exposure or alteration of sensitive data.
Because of the high confidentiality and integrity impact, this vulnerability could result in non-compliance with data protection regulations such as GDPR and HIPAA, which require strict controls over access to personal and sensitive information.
Specifically, the ability to read arbitrary files may lead to unauthorized disclosure of personal data, violating confidentiality requirements, while the ability to write arbitrary files could compromise data integrity and availability, both critical aspects under these regulations.