CVE-2026-7445
Path Traversal in ZachHandley ZMCPTools
Publication date: 2026-04-30
Last updated on: 2026-04-30
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zachhandley | zmcptools | to 0.2.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in ZachHandley ZMCPTools up to version 0.2.2, specifically in the MCP Log Resource Handler component within the file src/managers/ResourceManager.ts. It involves the manipulation of the argument dirname, which leads to a path traversal issue. This means an attacker can manipulate file paths to access directories and files outside the intended scope.
The vulnerability can be exploited remotely, allowing an attacker to potentially access unauthorized files on the system.
How can this vulnerability impact me? :
Exploitation of this vulnerability can allow an attacker to perform path traversal attacks remotely. This can lead to unauthorized access to sensitive files or directories on the affected system.
Such unauthorized access can compromise the confidentiality and integrity of data, potentially leading to information disclosure or further system compromise.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
CVE-2026-7445 is a path traversal vulnerability that allows an attacker with access to the MCP interface to read arbitrary local files accessible to the server process. This leads to a high confidentiality risk as sensitive files could be exposed.
Exposure of sensitive data through arbitrary file reads can lead to non-compliance with data protection regulations such as GDPR and HIPAA, which mandate strict controls over the confidentiality and protection of personal and sensitive information.
Since the vulnerability enables unauthorized access to potentially sensitive files, organizations using the affected software may face compliance issues related to data breach notification requirements and data security standards.
Can you explain this vulnerability to me?
CVE-2026-7445 is a Path Traversal and Arbitrary Local File Read vulnerability in ZachHandley ZMCPTools, specifically in the `resources/read` handler.
The vulnerability arises because the handler accepts a user-controlled URI in the format `logs://{dirname}/content?file={filename}` and constructs a filesystem path without proper validation.
Attackers can manipulate the `dirname` parameter using directory traversal sequences (e.g., ../) to access arbitrary local files on the server that the MCP server process has permission to read.
This means an attacker with access to the MCP interface can read sensitive files outside the intended log directory, such as `/etc/hosts`.
No fixed version is currently available, and the vulnerability was discovered through static analysis and dynamic reproduction with a proof of concept.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive information by allowing attackers to read arbitrary local files on the server.
The confidentiality impact is high because attackers can access files that may contain sensitive data.
Integrity is not affected by this vulnerability, and availability impact is low, although reading large or special files could cause resource consumption or errors.
Exploitation requires the attacker to have access to the MCP resource interface and the server process to have read permissions on the targeted files.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to exploit the path traversal in the `resources/read` handler of the MCP interface. Specifically, you can test if the server improperly handles directory traversal sequences in the URI parameter `dirname`.
A practical detection method is to send a crafted request using the MCP SDK or a similar tool to the vulnerable endpoint with a URI like `logs://../../../../../../etc/content?file=hosts` and observe if the server returns the contents of the `/etc/hosts` file or other arbitrary files.
Example command using curl (assuming the MCP interface is accessible via HTTP and supports such requests):
- curl -X GET 'http://<target-server>/resources/read?uri=logs://../../../../../../etc/content?file=hosts'
If the response contains the contents of `/etc/hosts` or other sensitive files, the vulnerability is present.
Alternatively, use the MCP SDK to programmatically send the crafted `resources/read` request with the malicious URI to test for path traversal.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the MCP resource interface to trusted users only, as exploitation requires access to this interface.
- Disable or restrict the vulnerable `resources/read` handler or resource handlers that accept user-controlled URIs until a fix is available.
- Implement input validation to reject path traversal sequences such as '../' in the `dirname` parameter.
- Enforce path normalization and ensure that resolved filesystem paths remain within the intended log directory.
Since no fixed version is currently available, these mitigations are critical to reduce the risk of arbitrary local file reads.