CVE-2026-15522
Received Received - Intake

Path Traversal in Godot-MCP Application

Vulnerability report for CVE-2026-15522, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: VulDB

Description

A security flaw has been discovered in tugcantopaloglu godot-mcp 2.0.0. Affected by this vulnerability is the function validatePath of the file build/index.js of the component run_project. The manipulation of the argument projectPath results in path traversal. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. Upgrading to version 3.0.0 addresses this issue. The patch is identified as eb63add552aa4bd9205395cf91b40654654a3cf2. It is suggested to upgrade the affected component.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
tugcantopaloglu godot-mcp to 3.0.0 (exc)
tugcantopaloglu godot-mcp 3.0.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-15522 is a security flaw in the godot-mcp project, specifically in the run_project component's validatePath function. The vulnerability arises because the projectPath argument is not properly validated, allowing path traversal attacks when called locally.

An attacker can specify any writable local directory containing a Godot project file, causing the server to inject a malicious script into that project directory. This script enables a persistent runtime-control channel capable of executing arbitrary code.

The injected code executes automatically when the victim opens or runs the modified project, allowing persistent unauthorized control. The vulnerability does not require Godot to be installed or launched, as the malicious files are written before the Godot process starts.

Impact Analysis

This vulnerability can lead to persistent unauthorized code execution on any writable local Godot project accessible to the MCP server process.

An attacker with local access can inject malicious scripts that run automatically, potentially compromising the integrity and security of your Godot projects.

This could result in arbitrary code execution, unauthorized modifications to project files, and persistent backdoors that execute whenever the project is opened or run.

Detection Guidance

The vulnerability involves manipulation of the projectPath argument leading to path traversal and persistent injection of a malicious script into writable local Godot project directories. Detection involves checking for unauthorized modifications in project directories, specifically the presence of the injected script file `mcp_interaction_server.gd` and changes to the `project.godot` file that add autoload entries pointing to this script.

To detect this on your system, you can search for the injected script and suspicious autoload entries in Godot project directories accessible to the MCP server process.

  • Find all instances of the injected script: `find /path/to/projects -name mcp_interaction_server.gd`
  • Check for autoload entries in `project.godot` files referencing the injected script: `grep -r 'mcp_interaction_server.gd' /path/to/projects`

Since the vulnerability requires local access and involves filesystem writes before Godot runs, monitoring filesystem changes in project directories or auditing recent modifications to `project.godot` files can also help detect exploitation.

Mitigation Strategies

The primary mitigation step is to upgrade the affected component godot-mcp to version 3.0.0 or later, as this version includes a patch that fixes the vulnerability.

The patch introduces an allowlist environment variable (`GODOT_MCP_ALLOWED_DIRS`) to restrict project execution to trusted directories, preventing unauthorized path traversal and injection.

Additionally, ensure that only trusted users have local access to the MCP server environment, as the exploit requires local attack vector.

Review and restrict writable permissions on Godot project directories to prevent unauthorized modifications.

Compliance Impact

The vulnerability allows an attacker with local access to perform path traversal and inject persistent malicious scripts into writable local Godot project directories. This unauthorized code execution and modification of project files could lead to unauthorized access or manipulation of sensitive data if such data is stored or processed within affected projects.

While the provided information does not explicitly mention compliance with standards like GDPR or HIPAA, the ability to execute arbitrary code and persistently modify project files could potentially lead to breaches of confidentiality, integrity, and availability of data. Such breaches may result in non-compliance with data protection regulations that require safeguarding personal or sensitive information.

Therefore, organizations using the affected component without applying the patch or upgrade to version 3.0.0 risk violating compliance requirements related to data security and privacy, especially if the compromised environment handles regulated data.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15522. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart