CVE-2026-7272
Path Traversal in WilliamCloudQi MCP Interface Allows Remote Exploit
Publication date: 2026-04-28
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| williamcloudqi | matlab-mcp-server | to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca (inc) |
| williamcloudqi | matlab-mcp-server | to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7272 is a vulnerability in the WilliamCloudQi matlab-mcp-server affecting the generate_matlab_code and execute_matlab_code functions. It arises because the user-supplied parameter 'scriptPath' is used directly as a filesystem write target without proper validation or sanitization.
This lack of checks allows an attacker to perform path traversal attacks, enabling them to write arbitrary files anywhere on the filesystem where the server process has write permissions. The vulnerability is exploitable remotely without authentication.
The root cause is unsafe handling of the 'scriptPath' parameter in the source code (src/index.ts), where it is assigned directly to variables used in file write operations without rejecting absolute paths or parent-directory traversal sequences.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an attacker to write arbitrary files to the filesystem locations writable by the server process, leading to potential integrity loss, configuration corruption, or further system compromise.
This arbitrary file write flaw poses high risks to data integrity and availability, which are critical aspects of compliance with standards such as GDPR and HIPAA that require protection of data integrity and system availability.
Although confidentiality impact is low, the ability to corrupt or overwrite files could lead to violations of regulatory requirements for data protection, auditability, and system reliability.
Mitigations such as restricting file writes, enforcing authentication and authorization, and sandboxing are necessary to maintain compliance with these standards.
How can this vulnerability impact me? :
This vulnerability can have serious impacts including loss of integrity and availability of the affected system.
- An attacker can overwrite arbitrary files writable by the server process, potentially corrupting application files, configurations, or user data.
- It can lead to configuration corruption or further system compromise.
- The confidentiality impact is low since the vulnerability allows write-only access, but the integrity and availability impacts are high.
The vulnerability can be exploited remotely without authentication, increasing the risk of attack.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unexpected file writes to arbitrary filesystem locations by the matlab-mcp-server, especially those triggered by the generate_matlab_code or execute_matlab_code tools using the scriptPath parameter.
A proof-of-concept involves invoking generate_matlab_code with a JSON argument specifying a scriptPath such as "/tmp/poc.txt" and saveScript set to true, which results in arbitrary file creation.
To detect exploitation attempts, you can check for suspicious file creation or modification in directories outside the expected workspace or temporary directories.
- Use network monitoring or application logs to detect calls to generate_matlab_code or execute_matlab_code with unusual scriptPath arguments.
- On the server, run commands to find recently created or modified files that could indicate exploitation, for example:
- find /tmp -type f -name '*.txt' -mtime -1
- grep -r --include='*.log' 'generate_matlab_code' /path/to/matlab-mcp-server/logs
- Monitor network traffic for JSON requests containing the scriptPath parameter targeting the MCP interface.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or removing the script-saving functionality exposed to untrusted users to prevent arbitrary file writes.
Restrict file writes to an explicit, controlled workspace or temporary directory and reject absolute paths or parent-directory traversal sequences unless they resolve within an allowlisted base directory.
Add authentication and authorization controls to the MCP tools that handle file writing to ensure only trusted users can invoke these functions.
Run the server process with least-privilege filesystem permissions and apply OS-level sandboxing to limit the impact of any exploitation.
As a recommended fix, sanitize or remove the scriptPath parameter, resolve it against a trusted base directory using path.resolve, and verify that the resolved path remains within this directory.