CVE-2026-9467

debugmcp mcp-debugger server.ts handleGetSourceContext path traversal

CVSS 5.3 MEDIUMEPSS 0.4%CWE-22

A vulnerability was identified in debugmcp mcp-debugger up to 0.20.0. Impacted is the function handleGetSourceContext of the file src/server.ts. The manipulation leads to path traversal. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Produtos afetados

debugmcp · mcp-debugger

PoCs públicas encontradas — 1

cve_referencegithub.com/hyk6225/public_exp/issues/1não verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/hyk6225/public_exp/issues/1 https://vuldb.com/submit/813980 https://vuldb.com/vuln/365448 https://vuldb.com/vuln/365448/cti