CVE-2026-7715
Path Traversal in ravenwits MCP Server for ArangoDB
Publication date: 2026-05-04
Last updated on: 2026-05-04
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ravenwits | mcp-server-arangodb | up to and including 0.4.7 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7715 is an arbitrary file write vulnerability in the mcp-server-arangodb tool, specifically in the arango_backup function of the MCP Interface component.
The vulnerability arises because the tool accepts a user-supplied outputDir argument, resolves it using path.resolve, creates the directory, and writes JSON backup files without restricting the destination to a safe backup root or validating against path traversal.
An attacker with network access to the MCP interface can exploit this flaw by specifying a malicious outputDir path, allowing them to write backup files to arbitrary writable locations on the filesystem.
This can lead to overwriting files, placing files in unintended locations, and potentially disrupting service or compromising data integrity.
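The missing check described above, as an added example that is not taken from mcp-server-arangodb: `unsafeBackupDir` reproduces the resolve-and-use pattern, and `safeBackupDir` confines the destination to a fixed backup root. The function names, the directory layout and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example (not mcp-server-arangodb code); function names and the root are assumptions.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Pattern the advisory describes: caller-controlled outputDir is resolved and used as-is.
function unsafeBackupDir(outputDir) {
  return path.resolve(outputDir); // absolute paths and ../ segments pass straight through
}

function assertInside(root, target) {
  const rel = path.relative(root, target);
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    throw new Error(`outputDir escapes backup root: ${target}`);
  }
}

// Real path of the deepest ancestor that already exists (symlinks resolved).
function deepestExisting(p) {
  while (!fs.existsSync(p)) p = path.dirname(p);
  return fs.realpathSync(p);
}

// Hardened form: confine the destination to backupRoot before anything is created.
function safeBackupDir(backupRoot, outputDir) {
  if (typeof outputDir !== 'string' || outputDir.includes('\0')) throw new Error('invalid outputDir');
  const root = fs.realpathSync(backupRoot);
  const candidate = path.resolve(root, outputDir);
  assertInside(root, candidate);                  // lexical: ../ and absolute paths
  assertInside(root, deepestExisting(candidate)); // symlinked component pointing outside
  fs.mkdirSync(candidate, { recursive: true });
  const real = fs.realpathSync(candidate);
  assertInside(root, real);                       // re-check after creation
  return real;
}

// Constructed inputs run against a throwaway root; returns input -> 'ok' | 'rejected'.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'bk-'));
  const root = path.join(base, 'backups');
  for (const d of ['outside', 'backups']) fs.mkdirSync(path.join(base, d));
  fs.symlinkSync(path.join(base, 'outside'), path.join(root, 'link'));
  const out = {};
  for (const d of ['nightly/2026-05-04', '../outside', '/tmp/elsewhere', 'link/x']) {
    try { safeBackupDir(root, d); out[d] = 'ok'; } catch { out[d] = 'rejected'; }
  }
  fs.rmSync(base, { recursive: true, force: true });
  return out;
}
```

The check and the directory creation are separate steps, so the backup root should be writable only by the service account; otherwise a path component can be swapped between the two.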
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker to write files arbitrarily on the filesystem where the MCP server runs.
- Integrity risk: Attackers can overwrite existing files, potentially corrupting data or altering system behavior.
- Availability risk: Attackers could fill disk space or overwrite critical files, causing service disruption or denial of service.
- Confidentiality risk: Depending on where files are written, sensitive database backup data could be exposed.
The vulnerability requires network access to the MCP interface and some level of permissions, but if exploited, it can lead to significant security impacts including data integrity loss and service availability issues.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unexpected or unauthorized backup activities involving the MCP server's arango_backup tool, especially those specifying unusual or absolute paths in the outputDir argument.
Since the vulnerability involves arbitrary file writes via the outputDir argument, detection can include checking for creation of backup files outside the intended backup root directory.
Suggested detection commands include searching for recently created backup files in unusual locations, for example:
- Find backup files created outside the expected directory, for example: `find / -name '*backup_docs.json' -mtime -7`
- Check running MCP server processes and their command-line arguments for suspicious outputDir values.
- Monitor network traffic for calls to the MCP interface invoking arango_backup with suspicious parameters.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the MCP server to trusted users and networks only, to prevent unauthorized invocation of the arango_backup tool.
Run the MCP server with the lowest possible privileges to limit filesystem write permissions and reduce the impact of exploitation.
Configure filesystem permissions to prevent the MCP server process from writing outside designated backup directories.
Monitor backup activities for unexpected or suspicious outputDir arguments and file creations.
Since no fixed version or official patch is available, avoid exposing the MCP interface to untrusted networks until a fix is released.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows an attacker with network access to write backup files to arbitrary filesystem locations, potentially exposing sensitive database content and enabling file overwrites or service disruption.
This can lead to confidentiality breaches (exposure of sensitive data), integrity violations (unauthorized file overwrites), and availability issues (service disruption or disk filling), all of which can negatively impact compliance with standards such as GDPR and HIPAA that require protection of data confidentiality, integrity, and availability.
Mitigations include restricting server access, running with low privileges, and monitoring backup activities, which are important controls to maintain compliance.