Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for code-mcp by 54yyyu
CVE-2026-7812 (GCVE-0-2026-7812)
Vulnerability from nvd – Published: 2026-05-05 04:15 – Updated: 2026-05-06 14:06
VLAI
Title
54yyyu code-mcp MCP Tool server.py git_operation command injection
Summary
A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attack can be initiated remotely. The exploit has been made public and could be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/361072 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/361072/cti | signaturepermissions-required |
| https://vuldb.com/submit/807752 | third-party-advisory |
| https://github.com/54yyyu/code-mcp/issues/5 | exploitissue-tracking |
| https://github.com/54yyyu/code-mcp/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7812",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T14:06:13.265894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T14:06:31.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"MCP Tool"
],
"product": "code-mcp",
"vendor": "54yyyu",
"versions": [
{
"status": "affected",
"version": "4cfc4643541a110c906d93635b391bf7e357f4a8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "CPT_Penner (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attack can be initiated remotely. The exploit has been made public and could be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T04:15:12.122Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-361072 | 54yyyu code-mcp MCP Tool server.py git_operation command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/361072"
},
{
"name": "VDB-361072 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/361072/cti"
},
{
"name": "Submit #807752 | 54yyyu code-mcp 4cfc4643541a110c906d93635b391bf7e357f4a8 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/807752"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/54yyyu/code-mcp/issues/5"
},
{
"tags": [
"product"
],
"url": "https://github.com/54yyyu/code-mcp/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-04T23:31:25.000Z",
"value": "VulDB entry last update"
}
],
"title": "54yyyu code-mcp MCP Tool server.py git_operation command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7812",
"datePublished": "2026-05-05T04:15:12.122Z",
"dateReserved": "2026-05-04T21:25:51.261Z",
"dateUpdated": "2026-05-06T14:06:31.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7811 (GCVE-0-2026-7811)
Vulnerability from nvd – Published: 2026-05-05 04:00 – Updated: 2026-05-05 13:41
VLAI
Title
54yyyu code-mcp MCP File server.py is_safe_path path traversal
Summary
A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/code_mcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Path Traversal
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/361071 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/361071/cti | signaturepermissions-required |
| https://vuldb.com/submit/807751 | third-party-advisory |
| https://github.com/54yyyu/code-mcp/issues/4 | exploitissue-tracking |
| https://github.com/54yyyu/code-mcp/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7811",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T13:41:01.054759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T13:41:25.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"MCP File Handler"
],
"product": "code-mcp",
"vendor": "54yyyu",
"versions": [
{
"status": "affected",
"version": "4cfc4643541a110c906d93635b391bf7e357f4a8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "CPT_Penner (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/code_mcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T04:00:21.402Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-361071 | 54yyyu code-mcp MCP File server.py is_safe_path path traversal",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/361071"
},
{
"name": "VDB-361071 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/361071/cti"
},
{
"name": "Submit #807751 | 54yyyu code-mcp 4cfc4643541a110c906d93635b391bf7e357f4a8 Path Traversal",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/807751"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/54yyyu/code-mcp/issues/4"
},
{
"tags": [
"product"
],
"url": "https://github.com/54yyyu/code-mcp/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-04T23:29:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "54yyyu code-mcp MCP File server.py is_safe_path path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7811",
"datePublished": "2026-05-05T04:00:21.402Z",
"dateReserved": "2026-05-04T21:24:12.293Z",
"dateUpdated": "2026-05-05T13:41:25.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7812 (GCVE-0-2026-7812)
Vulnerability from cvelistv5 – Published: 2026-05-05 04:15 – Updated: 2026-05-06 14:06
VLAI
Title
54yyyu code-mcp MCP Tool server.py git_operation command injection
Summary
A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attack can be initiated remotely. The exploit has been made public and could be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/361072 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/361072/cti | signaturepermissions-required |
| https://vuldb.com/submit/807752 | third-party-advisory |
| https://github.com/54yyyu/code-mcp/issues/5 | exploitissue-tracking |
| https://github.com/54yyyu/code-mcp/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7812",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T14:06:13.265894Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T14:06:31.385Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"MCP Tool"
],
"product": "code-mcp",
"vendor": "54yyyu",
"versions": [
{
"status": "affected",
"version": "4cfc4643541a110c906d93635b391bf7e357f4a8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "CPT_Penner (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attack can be initiated remotely. The exploit has been made public and could be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T04:15:12.122Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-361072 | 54yyyu code-mcp MCP Tool server.py git_operation command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/361072"
},
{
"name": "VDB-361072 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/361072/cti"
},
{
"name": "Submit #807752 | 54yyyu code-mcp 4cfc4643541a110c906d93635b391bf7e357f4a8 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/807752"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/54yyyu/code-mcp/issues/5"
},
{
"tags": [
"product"
],
"url": "https://github.com/54yyyu/code-mcp/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-04T23:31:25.000Z",
"value": "VulDB entry last update"
}
],
"title": "54yyyu code-mcp MCP Tool server.py git_operation command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7812",
"datePublished": "2026-05-05T04:15:12.122Z",
"dateReserved": "2026-05-04T21:25:51.261Z",
"dateUpdated": "2026-05-06T14:06:31.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7811 (GCVE-0-2026-7811)
Vulnerability from cvelistv5 – Published: 2026-05-05 04:00 – Updated: 2026-05-05 13:41
VLAI
Title
54yyyu code-mcp MCP File server.py is_safe_path path traversal
Summary
A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/code_mcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Path Traversal
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/361071 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/361071/cti | signaturepermissions-required |
| https://vuldb.com/submit/807751 | third-party-advisory |
| https://github.com/54yyyu/code-mcp/issues/4 | exploitissue-tracking |
| https://github.com/54yyyu/code-mcp/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7811",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T13:41:01.054759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T13:41:25.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"MCP File Handler"
],
"product": "code-mcp",
"vendor": "54yyyu",
"versions": [
{
"status": "affected",
"version": "4cfc4643541a110c906d93635b391bf7e357f4a8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "CPT_Penner (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/code_mcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T04:00:21.402Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-361071 | 54yyyu code-mcp MCP File server.py is_safe_path path traversal",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/361071"
},
{
"name": "VDB-361071 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/361071/cti"
},
{
"name": "Submit #807751 | 54yyyu code-mcp 4cfc4643541a110c906d93635b391bf7e357f4a8 Path Traversal",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/807751"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/54yyyu/code-mcp/issues/4"
},
{
"tags": [
"product"
],
"url": "https://github.com/54yyyu/code-mcp/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-04T23:29:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "54yyyu code-mcp MCP File server.py is_safe_path path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7811",
"datePublished": "2026-05-05T04:00:21.402Z",
"dateReserved": "2026-05-04T21:24:12.293Z",
"dateUpdated": "2026-05-05T13:41:25.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}