CVE-2026-7272
Received Received - Intake
Path Traversal in WilliamCloudQi MCP Interface Allows Remote Exploit

Publication date: 2026-04-28

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The affected element is the function generate_matlab_code/execute_matlab_code of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument scriptPath can lead to path traversal. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7272
EUVD
EUVD-2026-26050
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
williamcloudqi matlab-mcp-server to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca (inc)
williamcloudqi matlab-mcp-server to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows an attacker to write arbitrary files to the filesystem locations writable by the server process, leading to potential integrity loss, configuration corruption, or further system compromise.

This arbitrary file write flaw poses high risks to data integrity and availability, which are critical aspects of compliance with standards such as GDPR and HIPAA that require protection of data integrity and system availability.

Although confidentiality impact is low, the ability to corrupt or overwrite files could lead to violations of regulatory requirements for data protection, auditability, and system reliability.

Mitigations such as restricting file writes, enforcing authentication and authorization, and sandboxing are necessary to maintain compliance with these standards.

Executive Summary

CVE-2026-7272 is a vulnerability in the WilliamCloudQi matlab-mcp-server affecting the generate_matlab_code and execute_matlab_code functions. It arises because the user-supplied parameter 'scriptPath' is used directly as a filesystem write target without proper validation or sanitization.

This lack of checks allows an attacker to perform path traversal attacks, enabling them to write arbitrary files anywhere on the filesystem where the server process has write permissions. The vulnerability is exploitable remotely without authentication.

The root cause is unsafe handling of the 'scriptPath' parameter in the source code (src/index.ts), where it is assigned directly to variables used in file write operations without rejecting absolute paths or parent-directory traversal sequences.

Impact Analysis

This vulnerability can have serious impacts including loss of integrity and availability of the affected system.

  • An attacker can overwrite arbitrary files writable by the server process, potentially corrupting application files, configurations, or user data.
  • It can lead to configuration corruption or further system compromise.
  • The confidentiality impact is low since the vulnerability allows write-only access, but the integrity and availability impacts are high.

The vulnerability can be exploited remotely without authentication, increasing the risk of attack.

Detection Guidance

This vulnerability can be detected by monitoring for unexpected file writes to arbitrary filesystem locations by the matlab-mcp-server, especially those triggered by the generate_matlab_code or execute_matlab_code tools using the scriptPath parameter.

A proof-of-concept involves invoking generate_matlab_code with a JSON argument specifying a scriptPath such as "/tmp/poc.txt" and saveScript set to true, which results in arbitrary file creation.

To detect exploitation attempts, you can check for suspicious file creation or modification in directories outside the expected workspace or temporary directories.

  • Use network monitoring or application logs to detect calls to generate_matlab_code or execute_matlab_code with unusual scriptPath arguments.
  • On the server, run commands to find recently created or modified files that could indicate exploitation, for example:
  • find /tmp -type f -name '*.txt' -mtime -1
  • grep -r --include='*.log' 'generate_matlab_code' /path/to/matlab-mcp-server/logs
  • Monitor network traffic for JSON requests containing the scriptPath parameter targeting the MCP interface.
Mitigation Strategies

Immediate mitigation steps include disabling or removing the script-saving functionality exposed to untrusted users to prevent arbitrary file writes.

Restrict file writes to an explicit, controlled workspace or temporary directory and reject absolute paths or parent-directory traversal sequences unless they resolve within an allowlisted base directory.

Add authentication and authorization controls to the MCP tools that handle file writing to ensure only trusted users can invoke these functions.

Run the server process with least-privilege filesystem permissions and apply OS-level sandboxing to limit the impact of any exploitation.

As a recommended fix, sanitize or remove the scriptPath parameter, resolve it against a trusted base directory using path.resolve, and verify that the resolved path remains within this directory.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7272. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart