CVE-2026-7627
Deferred Deferred - Pending Action
Path Traversal in 8nite Metatrader-4-MCP

Publication date: 2026-05-02

Last updated on: 2026-05-05

Assigner: VulDB

Description
A security vulnerability has been detected in 8nite metatrader-4-mcp 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component sync_ea_from_file. Such manipulation of the argument ea_name leads to path traversal. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-02
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-05-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7627
EUVD
EUVD-2026-26777
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
8nite metatrader-4-mcp 1.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7627 is a security vulnerability in the 8nite metatrader-4-mcp project, specifically affecting the function CallToolRequestSchema in the sync_ea_from_file component. The vulnerability arises because the argument ea_name is not properly validated, allowing an attacker to perform path traversal attacks. This means an attacker can manipulate file paths to create or overwrite files outside the intended directories on the server.

The vulnerability allows remote attackers with network access to the MCP interface to write arbitrary files anywhere the server process has permission, bypassing intended directory restrictions. It also enables reading arbitrary local files and writing their contents to attacker-chosen locations. The root cause is improper path construction and lack of safe directory boundary enforcement in multiple functions.

Impact Analysis

This vulnerability can have several impacts:

  • An attacker can write arbitrary files on the server, potentially overwriting critical files and disrupting system integrity and availability.
  • An attacker can read sensitive local files and expose confidential information, leading to confidentiality breaches.
  • Because the MCP server communicates with MetaTrader 4 using unencrypted file-based methods, sensitive trading data such as account information, market data, and order commands can be exposed or manipulated.
  • Unauthorized trading actions could be performed if attackers manipulate these files, potentially causing financial loss.

Overall, the vulnerability poses low to medium confidentiality risks but high integrity and availability risks, especially if the MCP server is exposed without proper access controls.

Detection Guidance

This vulnerability can be detected by monitoring for unusual file write or read operations involving the MCP server tools, especially those that involve path traversal sequences like '../' in the ea_name or file_path arguments.

Commands to detect exploitation attempts could include searching server logs or monitoring filesystem activity for suspicious file creations or modifications outside the intended directories such as 'ea-strategies/active' or 'ea-strategies/logs'.

  • Use grep or similar tools to find path traversal patterns in logs: grep -r "\.\./" /path/to/mcp/logs
  • Monitor filesystem changes with tools like inotifywait or auditd to detect writes outside expected directories.
  • Check for unexpected files created in the server working directory, e.g., ls -l /path/to/mcp/working_directory
Mitigation Strategies

Immediate mitigation steps include restricting access to the MCP server to trusted clients only and running the MCP server process under a low-privilege user account to limit filesystem write permissions.

Additionally, applying OS-level sandboxing or filesystem permission controls to prevent writes outside the intended directories can reduce the risk of exploitation.

Since no fixed version is available, it is also recommended to monitor for suspicious activity and avoid exposing the MCP server interface to untrusted networks.

Long-term fixes involve validating and canonicalizing the ea_name and file_path arguments to prevent path traversal and enforcing directory containment checks in the application code.

Compliance Impact

The vulnerability allows attackers to read and write arbitrary files on the server, potentially exposing sensitive data such as trading credentials, account information, and transaction details stored in unencrypted text files.

This exposure of confidential financial and personal data could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive information against unauthorized access and ensuring data integrity.

The lack of encryption and proper access controls in the file-based communication mechanism increases the risk of data breaches, which may violate regulatory requirements for confidentiality, integrity, and availability of protected data.

Therefore, exploitation of this vulnerability could result in regulatory compliance failures related to protecting personal and financial data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7627. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart