CVE-2026-7403
Path Traversal in geldata gel-mcp
Publication date: 2026-04-29
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| geldata | gel-mcp | 0.1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a security flaw in geldata gel-mcp version 0.1.0, specifically in the function list_rules/fetch_rule located in the file src/gel_mcp/server.py. It involves the manipulation of the argument rule_name, which leads to a path traversal issue. This means an attacker can manipulate input to access files or directories outside the intended scope.
The attack can be performed remotely, and the exploit code has already been publicly released, making it easier for attackers to exploit this vulnerability.
How can this vulnerability impact me? :
The vulnerability allows an attacker to perform path traversal remotely by manipulating the rule_name argument. This can lead to unauthorized access to files on the server that should not be accessible, potentially exposing sensitive information.
Since the exploit is publicly available, the risk of attack is increased, which could result in data breaches or compromise of the system's integrity.
Can you explain this vulnerability to me?
CVE-2026-7403 is a security flaw in the geldata gel-mcp 0.1.0 tool, specifically in the function list_rules/fetch_rule located in src/gel_mcp/server.py. The vulnerability arises because the function accepts an argument called rule_name that is not properly validated or sanitized.
An attacker can manipulate the rule_name argument to perform a path traversal attack, using sequences like ../../../../../ to escape the intended directory (RULES_DIR) and access arbitrary files on the system.
The server only checks if the resolved path exists before returning its contents, without ensuring the path remains within the intended directory. This allows an attacker to read sensitive files that the service account running gel-mcp has permission to read.
The attack can be performed remotely if the attacker can invoke the fetch_rule function. The vulnerability does not allow modification or deletion of files, only reading them.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive information by allowing an attacker to read arbitrary local files on the system where gel-mcp is running.
The confidentiality impact is high because sensitive files such as configuration files or other private data can be exposed.
However, the vulnerability does not affect the integrity or availability of the system since it does not allow file modification or deletion.
If exploited, attackers could gain access to information that might be used for further attacks or to compromise privacy.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to invoke the fetch_rule function of the gel-mcp tool with crafted path traversal inputs in the rule_name argument. For example, sending requests that include sequences like ../../../../../ to access files outside the intended directory can reveal if the system is vulnerable.
A practical detection method is to try to fetch known sensitive files that should not be accessible, such as configuration files (e.g., pyproject.toml). If the contents of such files are returned, the system is vulnerable.
Since the vulnerability is in a remote service, detection commands depend on how the fetch_rule function is exposed. If it is accessible via HTTP or a command-line interface, you can use curl or similar tools to test path traversal.
- Example curl command to test path traversal: curl "http://target-server/fetch_rule?rule_name=../../../../../pyproject.toml"
- Check server logs for unusual requests containing ../ sequences in the rule_name parameter.
- Use static code analysis or manual code review to verify if the fetch_rule function properly sanitizes and canonicalizes input paths.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the fetch_rule function to trusted users or networks only.
Validate and sanitize the rule_name input to prevent path traversal sequences before processing.
Run the gel-mcp service with minimal filesystem privileges, ensuring it cannot read sensitive files outside the intended directory.
Implement path canonicalization to ensure that resolved paths remain within the designated RULES_DIR directory.
Monitor for exploit attempts and unusual access patterns targeting the fetch_rule function.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows arbitrary local file read via path traversal, potentially exposing sensitive files on the system. This can lead to a high confidentiality impact since unauthorized disclosure of sensitive information is possible.
Such unauthorized disclosure of sensitive data could negatively affect compliance with data protection regulations and standards like GDPR and HIPAA, which require strict controls to protect personal and sensitive information from unauthorized access.
Mitigations such as restricting access to the vulnerable function, validating input paths, and running the service with minimal privileges are necessary to reduce the risk of data exposure and help maintain compliance.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to invoke the fetch_rule function of the gel-mcp tool with crafted path traversal inputs in the rule_name argument. For example, sending requests that include sequences like '../../../../../' to access files outside the intended directory can reveal if the system is vulnerable.
A practical detection method is to try fetching a known file outside the RULES_DIR, such as '../../../../../pyproject.toml', and observe if the contents of that file are returned.
Since the vulnerability involves remote invocation of the fetch_rule function, network monitoring for unusual requests containing path traversal patterns targeting this function can also help detect exploitation attempts.
- Use curl or similar tools to send a request to the fetch_rule endpoint with a path traversal payload, e.g.:
- curl -X GET 'http://<target>/fetch_rule?rule_name=../../../../../pyproject.toml'
- Monitor logs or network traffic for requests containing '../' sequences targeting the fetch_rule function.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the fetch_rule function to trusted users or networks only.
Validate and sanitize the input to the rule_name argument to prevent path traversal sequences from being processed.
Run the gel-mcp service with minimal filesystem privileges to limit the impact of any potential exploitation.
Implement canonicalization of file paths and ensure that resolved paths remain within the intended RULES_DIR directory before accessing files.