CVE-2026-7627
Path Traversal in 8nite Metatrader-4-MCP
Publication date: 2026-05-02
Last updated on: 2026-05-05
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| 8nite | metatrader-4-mcp | 1.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7627 is a security vulnerability in the 8nite metatrader-4-mcp project, specifically affecting the function CallToolRequestSchema in the sync_ea_from_file component. The vulnerability arises because the argument ea_name is not properly validated, allowing an attacker to perform path traversal attacks. This means an attacker can manipulate file paths to create or overwrite files outside the intended directories on the server.
The vulnerability allows remote attackers with network access to the MCP interface to write arbitrary files anywhere the server process has permission, bypassing intended directory restrictions. It also enables reading arbitrary local files and writing their contents to attacker-chosen locations. The root cause is improper path construction and lack of safe directory boundary enforcement in multiple functions.
How can this vulnerability impact me?
This vulnerability can have several impacts:
- An attacker can write arbitrary files on the server, potentially overwriting critical files and disrupting system integrity and availability.
- An attacker can read sensitive local files and expose confidential information, leading to confidentiality breaches.
- Because the MCP server communicates with MetaTrader 4 using unencrypted file-based methods, sensitive trading data such as account information, market data, and order commands can be exposed or manipulated.
- Unauthorized trading actions could be performed if attackers manipulate these files, potentially causing financial loss.
Overall, the vulnerability poses low to medium confidentiality risks but high integrity and availability risks, especially if the MCP server is exposed without proper access controls.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual file write or read operations involving the MCP server tools, especially those that involve path traversal sequences like '../' in the ea_name or file_path arguments.
Commands to detect exploitation attempts could include searching server logs or monitoring filesystem activity for suspicious file creations or modifications outside the intended directories such as 'ea-strategies/active' or 'ea-strategies/logs'.
- Use grep or similar tools to find path traversal patterns in logs: grep -r "\.\./" /path/to/mcp/logs
- Monitor filesystem changes with tools like inotifywait or auditd to detect writes outside expected directories.
- Check for unexpected files created in the server working directory, e.g., ls -l /path/to/mcp/working_directory
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the MCP server to trusted clients only and running the MCP server process under a low-privilege user account to limit filesystem write permissions.
Additionally, applying OS-level sandboxing or filesystem permission controls to prevent writes outside the intended directories can reduce the risk of exploitation.
Since no fixed version is available, it is also recommended to monitor for suspicious activity and avoid exposing the MCP server interface to untrusted networks.
Long-term fixes involve validating and canonicalizing the ea_name and file_path arguments to prevent path traversal and enforcing directory containment checks in the application code.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows attackers to read and write arbitrary files on the server, potentially exposing sensitive data such as trading credentials, account information, and transaction details stored in unencrypted text files.
This exposure of confidential financial and personal data could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive information against unauthorized access and ensuring data integrity.
The lack of encryption and proper access controls in the file-based communication mechanism increases the risk of data breaches, which may violate regulatory requirements for confidentiality, integrity, and availability of protected data.
Therefore, exploitation of this vulnerability could result in regulatory compliance failures related to protecting personal and financial data.