CVE-2026-7811

High

Published: 05 May 2026

Published

05 May 2026

Modified

05 May 2026

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0005 13.9th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/code_mcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the…

attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SI-10 Information Input Validation

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

Security SummaryAI

CVE-2026-7811 is a path traversal vulnerability in the 54yyyu code-mcp project up to commit 4cfc4643541a110c906d93635b391bf7e357f4a8. The issue affects the is_safe_path function within the src/code_mcp/server.py file of the MCP File Handler component. Manipulation of this function enables improper path validation, allowing attackers to access unintended files or directories outside the intended scope.

The vulnerability can be exploited remotely by unauthenticated attackers with network access, requiring low complexity and no user interaction, as indicated by its CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Successful exploitation grants limited impact on confidentiality, integrity, and availability, potentially allowing read/write access to files or minor disruption via traversed paths.

Advisories from VulDB and the project's GitHub repository note that code-mcp follows a rolling release model, providing no specific affected or patched version details. The project was notified early via GitHub issue #4 but has not yet responded or issued mitigations. Security practitioners should monitor the repository at https://github.com/54yyyu/code-mcp/ for updates.

The exploit has been publicly disclosed and may be actively used, classified under CWE-22. No evidence of widespread real-world exploitation is available in current references.

Details

CWE(s): CWE-22

AI Security AnalysisAI

AI Category: AI Agent Protocols and Integrations
Risk Domain: Protocol-Specific Risks
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: Matched keywords: mcp, mcp

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

T1105 Ingress Tool Transfer Command And Control

Adversaries may transfer tools or other files from an external system into a compromised environment.

attack.mitre.org →

Why these techniques?

Path traversal in remotely accessible MCP File Handler directly enables T1190 for initial access; bypassed is_safe_path allows unauthorized local file read (T1005) and write (T1105) operations.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References

https://github.com/54yyyu/code-mcp/
cna@vuldb.com
https://github.com/54yyyu/code-mcp/issues/4
cna@vuldb.com
https://vuldb.com/submit/807751
cna@vuldb.com
https://vuldb.com/vuln/361071
cna@vuldb.com
https://vuldb.com/vuln/361071/cti
cna@vuldb.com