CVE-2026-7216
Status: Received - Intake
Path Traversal in donchelo create_sketch Tool Enables Remote Exploit

Publication date: 2026-04-28

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in donchelo processing-claude-mcp-bridge up to e017b20a4b592a45531a6392f494007f04e661bd. Impacted is an unknown function of the file processing_server.py of the component create_sketch Tool. This manipulation of the argument sketch_name causes path traversal. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
Meta Information
Published: 2026-04-28
Last Modified: 2026-04-29
Generated: 2026-05-06
AI Q&A: 2026-04-28
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: donchelo
Product: processing-claude-mcp-bridge
Version / Range: up to e017b20a4b592a45531a6392f494007f04e661bd (exc)
CWE
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a path traversal flaw in the donchelo processing-claude-mcp-bridge project, specifically in the create_sketch Tool's processing_server.py file. It occurs because the sketch_name argument is used directly to build filesystem paths without validation or normalization. An attacker can manipulate sketch_name to include directory traversal sequences (like ..\..\) to escape the intended sketch directory and create or overwrite files anywhere on the filesystem where the server has write permissions.

The vulnerable code concatenates sketch_name with the base sketch directory using os.path.join() but does not check for malicious path components. This allows remote attackers to write arbitrary files, potentially overwriting important files or placing malicious files on the system.


How can this vulnerability impact me?

This vulnerability can impact you by allowing remote attackers to create or overwrite arbitrary files on your system with the privileges of the MCP server process. This can lead to:

  • High integrity impact, as attackers can modify or replace files.
  • Medium availability impact, since attackers could corrupt or interfere with user content or application functionality.
  • Low confidentiality impact, as the issue mainly concerns write access rather than read access.

Overall, this could allow attackers to compromise the system by placing malicious files, disrupting normal operations, or corrupting data.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves path traversal via the sketch_name parameter in the create_sketch and update_sketch methods, allowing arbitrary file writes outside the intended directory.

Detection can focus on monitoring for unusual file creation or modification outside the designated sketch directory, especially files with .pde extensions created in unexpected locations.

Network detection could involve inspecting requests to the processing-claude-mcp-bridge service for suspicious sketch_name values containing path traversal sequences such as '..\' or '../'.

  • Use file system monitoring tools to detect creation or modification of files outside the expected sketch directory, for example, on Linux: `find /path/to/sketch_dir/ -type f -name '*.pde' -exec ls -l {} +` and check for files outside this directory.
  • On Windows, use PowerShell to search for unexpected .pde files outside the sketch directory: `Get-ChildItem -Path C:\Users\chelo\OneDrive\ -Recurse -Filter *.pde` and verify their locations.
  • Monitor network traffic or logs for API calls or requests containing sketch_name parameters with directory traversal patterns, e.g., using grep or similar tools: `grep -r "sketch_name" /var/log/processing-claude-mcp-bridge/ | grep -E '\.\.|/'`.

No specific detection commands are provided in the resources, but these general approaches can help identify exploitation attempts.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include preventing untrusted callers from accessing the vulnerable create_sketch and update_sketch methods until proper validation is implemented.

  • Restrict the sketch_name parameter to a conservative allowlist of characters such as letters, numbers, spaces, underscores, and hyphens, rejecting any path separators, drive prefixes, or traversal sequences.
  • Run the processing-claude-mcp-bridge server under a low-privilege account to limit the impact of any arbitrary file writes.
  • Isolate the sketch directory from sensitive sibling directories to reduce the risk of overwriting critical files.

The recommended fix is to canonicalize and verify the final file path to ensure it remains within the designated sketch directory before performing any filesystem operations.
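One way to implement that check, as an added example that is not code from the processing-claude-mcp-bridge project: the allowlist regex and the assumed sketch layout (sketch_name/sketch_name.pde, as Processing lays out sketches) are assumptions, and the function is meant to be called before create_sketch or update_sketch touches the filesystem.

```python
import re
from pathlib import Path

# Conservative allowlist (assumption, following the mitigation advice above):
# letters, digits, spaces, underscores and hyphens, bounded length, nothing else.
_SKETCH_NAME_RE = re.compile(r"^[A-Za-z0-9 _-]{1,64}$")


def safe_sketch_path(sketch_dir: str, sketch_name: str) -> Path:
    """Return the .pde path for sketch_name inside sketch_dir, or raise ValueError.

    Two independent checks, so that neither one is a single point of failure:
    1. reject any name outside the allowlist; this alone stops '../', '..\\',
       absolute paths and drive prefixes, because '.', '/', '\\' and ':' are
       not permitted characters;
    2. canonicalize the final path and confirm the sketch directory is still
       one of its parents, so a later relaxation of the allowlist cannot
       silently reopen the traversal.
    """
    if not _SKETCH_NAME_RE.fullmatch(sketch_name):
        raise ValueError(f"invalid sketch name: {sketch_name!r}")

    base = Path(sketch_dir).resolve()
    # Assumed Processing layout: <sketch_dir>/<name>/<name>.pde
    target = (base / sketch_name / f"{sketch_name}.pde").resolve()

    if base not in target.parents:
        raise ValueError(f"path escapes sketch directory: {target}")
    return target


def is_safe_sketch_name(sketch_dir: str, sketch_name: str) -> bool:
    """Predicate form of safe_sketch_path, for callers that only need yes/no."""
    try:
        safe_sketch_path(sketch_dir, sketch_name)
        return True
    except ValueError:
        return False
```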


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows arbitrary file write through path traversal, enabling attackers to create or overwrite files outside the intended directory. This can lead to integrity issues and potential unauthorized modification of files.

Such unauthorized file manipulation could impact compliance with standards like GDPR and HIPAA, which require protection of data integrity and confidentiality. If sensitive data or system files are altered or corrupted, it may result in violations of these regulations.

However, the provided information does not explicitly discuss compliance impacts or specific regulatory consequences.

