CVE-2026-15528
Received Received - Intake

Path Validation Bypass in KiCad MCP

Vulnerability report for CVE-2026-15528, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: VulDB

Description

A vulnerability was found in lamaalrajih kicad-mcp up to 3.3.1. This issue affects some unknown processing of the file kicad_mcp/utils/path_validator.py. Performing a manipulation of the argument project_path/schematic_path results in protection mechanism failure. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
lamaalrajih kicad-mcp to 3.3.1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-693 The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the lamaalrajih kicad-mcp project up to version 3.3.1, specifically in the handling of file paths within the kicad_mcp/utils/path_validator.py module.

Although a PathValidator class was implemented to prevent path traversal attacks, it is not actually used by any of the 15 MCP tool handlers that accept project_path or schematic_path arguments.

As a result, these handlers directly pass user-supplied paths to filesystem functions like os.path.exists, open, and os.listdir without validation.

This allows an attacker with local access to manipulate the project_path or schematic_path arguments to bypass protection mechanisms, enabling filesystem probing and directory enumeration.

Attackers can confirm the existence and readability of any filesystem path, enumerate directories for files matching KiCad extensions, and trigger file open attempts, potentially leaking sensitive information through error messages and directory listings.

Impact Analysis

This vulnerability can impact you by allowing a local attacker to probe your filesystem and enumerate directories through manipulated path arguments.

Although the attacker cannot directly read file contents, they can confirm the existence and readability of files and directories, and gain information about the filesystem structure.

This information leakage can aid attackers in planning further attacks or gaining unauthorized insights into your system.

Since the exploit is publicly known, the risk of exploitation is increased if local access is possible.

Detection Guidance

This vulnerability involves bypassing the PathValidator in kicad-mcp tools, allowing filesystem probing and directory enumeration via the project_path or schematic_path parameters.

Detection can focus on monitoring local usage of kicad-mcp version 3.3.1 or earlier, especially commands or API calls that pass user-supplied paths directly to filesystem functions like os.path.exists, open, or os.listdir without validation.

Since the attack requires local access, you can check for suspicious local commands or scripts invoking kicad-mcp tools with unusual or crafted project_path or schematic_path arguments.

Suggested commands to detect exploitation attempts include searching for usage of kicad-mcp tools with path arguments, for example:

  • Use process monitoring tools (e.g., ps, top) to identify running kicad-mcp processes with suspicious parameters.
  • Check shell history for commands invoking kicad-mcp tools with unusual paths: `grep kicad-mcp ~/.bash_history`
  • Audit filesystem access logs or use tools like `auditd` to monitor calls to open, list directories, or check existence of files triggered by kicad-mcp processes.
  • Run static code analysis or grep on the kicad-mcp source to verify if PathValidator is applied: `grep -r PathValidator .`
Mitigation Strategies

The immediate mitigation is to ensure that the existing PathValidator module is applied to all MCP tool handlers that accept project_path or schematic_path arguments before any filesystem operations are performed.

Since the vulnerability arises because the PathValidator is implemented but not integrated, applying it properly will prevent path traversal and unauthorized filesystem probing.

Additional steps include restricting local access to the kicad-mcp tools to trusted users only, as the attack requires local access.

Monitoring for updates or patches from the project is recommended, although as of now the project has not responded to the issue report.

Compliance Impact

The vulnerability allows local attackers to bypass path validation mechanisms, enabling filesystem probing and directory enumeration. This can lead to leakage of sensitive information such as the existence and readability of files and directory contents related to KiCad projects.

Although file contents are not directly exposed, error messages and directory listings can leak sensitive information, which may impact the confidentiality of data.

Such information leakage could potentially affect compliance with data protection regulations like GDPR or HIPAA if the leaked information includes personal or sensitive data, as these standards require protection against unauthorized access and disclosure of sensitive information.

However, the vulnerability requires local access and does not allow remote exploitation, which may limit the scope of compliance impact depending on the environment and data handled.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15528. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart