CVE-2026-53766
Status: Received - Intake
BaseFortify

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: GitHub, Inc.

Description
Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath() enforces workspace roots by checking whether path.resolve(filePath) textually falls under one of the configured root paths. path.resolve() does not canonicalize symbolic links. As a result, a symlink inside a configured workspace root can point to a file outside that root, pass validation, and then be followed by downstream file read/write operations. This bypass applies even when the MCP client correctly declares the roots capability with a non-empty list. It is separate from the documented legacy behavior where missing roots capability allows all paths. The practical impact is a workspace-boundary bypass. In the write direction, filePath-writing tools can overwrite out-of-root files through an in-root symlink. In the read direction, upload_file can read through the symlink and send the file to the currently selected web page. This vulnerability is fixed in 1.1.0.
Meta Information
Generated: 2026-06-25
EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CWE-59: The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Impact Analysis

This vulnerability can impact you by allowing unauthorized access and modification of files outside the intended workspace boundaries in Chrome DevTools for agents.

  • An attacker or malicious tool could overwrite files outside the workspace root, potentially damaging or altering important files.
  • Sensitive files outside the workspace root could be read and exposed to the currently selected web page, leading to information disclosure.
  • This could lead to integrity and availability issues with your files and data, as indicated by the CVSS score impact on integrity and availability.
Mitigation Strategies

To mitigate this vulnerability, upgrade Chrome DevTools for agents (chrome-devtools-mcp) to version 1.1.0 or later, where the issue with workspace-boundary bypass via symlinks has been fixed.

Executive Summary

This vulnerability exists in Chrome DevTools for agents (chrome-devtools-mcp) versions from 0.24.0 until 1.1.0. The issue is with the McpContext.validatePath() function, which tries to enforce workspace root boundaries by checking if a file path falls under configured root paths using path.resolve(filePath). However, path.resolve() does not resolve symbolic links (symlinks) to their canonical paths.

Because of this, a symlink inside a configured workspace root can point to a file outside that root and still pass validation. This allows an attacker to bypass the workspace boundary restrictions. As a result, file read and write operations can access or modify files outside the intended workspace root by following these symlinks.

Specifically, writing tools can overwrite files outside the root through an in-root symlink, and reading tools can read files outside the root and send them to the selected web page. This vulnerability was fixed in version 1.1.0.
