CVE-2026-33989
Published: 27 March 2026
Summary
CVE-2026-33989 is a high-severity Path Traversal (CWE-22) vulnerability in Mobilenexthq Mobile Mcp. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 3.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
- SI-10 (Information Input Validation): directly requires validating the `saveTo` and `output` parameters and rejecting path traversal sequences before any filesystem operation is performed.
- SI-2 (Flaw Remediation): mandates identifying, reporting and correcting the path traversal flaw, in practice by upgrading to version 0.0.49.
- Logical access controls: restrict file writes outside the intended workspace (for example, run the server under an account whose write permission is limited to that directory) so that a traversal string that slips past validation still cannot overwrite files elsewhere.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal in a network-reachable MCP server provides initial access via T1190; the resulting arbitrary file overwrites are Stored Data Manipulation (T1565.001), which is what drives the high integrity and availability impact.
NVD Description
Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The `saveTo` and `output` parameters were passed directly to filesystem operations without validation, allowing an attacker to write files outside the intended workspace. Version 0.0.49 fixes the issue.
Deeper analysisAI
CVE-2026-33989 is a path traversal vulnerability (CWE-22, CWE-73) affecting the `@mobilenext/mobile-mcp` server, part of Mobile Next, an MCP server used for mobile development and automation. In versions prior to 0.0.49, the `mobile_save_screenshot` and `mobile_start_screen_recording` tools insecurely handle the `saveTo` and `output` parameters, passing them directly to filesystem operations without validation. This allows arbitrary file writes outside the intended workspace. The vulnerability has a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H) and was published on 2026-03-27.
An unauthenticated attacker with network access to the server can exploit this vulnerability by causing a user to invoke one of the affected tools with a crafted `saveTo` or `output` value, for example one containing `../` sequences or an absolute path. In an MCP deployment the party issuing `tools/call` is usually an LLM agent, so the crafted value can also arrive indirectly through content the agent reads. Successful exploitation writes a file to an attacker-chosen location on the server's filesystem, potentially overwriting critical files; the impact is high on integrity and availability, with no confidentiality loss.
The GitHub security advisory (GHSA-3p2m-h2v6-g9mx), release notes for version 0.0.49, and fixing commit (f5e32295903128c1e71cf915ae6c0b76c7b0153b) confirm that upgrading to version 0.0.49 resolves the issue by adding proper validation to the parameters before filesystem operations. Security practitioners should prioritize updating affected instances and review logs for suspicious tool invocations.
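The following is an added example, not code from the `@mobilenext/mobile-mcp` project or its fixing commit. It shows the unvalidated pattern the advisory describes beside a hardened form that resolves the caller-supplied path against a workspace root and rejects anything that escapes it, and then reuses that check as a log review: it scans constructed MCP JSON-RPC `tools/call` lines for calls to the two affected tools whose `saveTo` or `output` argument would land outside the workspace. The workspace path and the sample log lines are assumptions made up for the example; the tool and parameter names are those in the advisory.

```typescript
import * as path from "node:path";

// Hypothetical workspace root; the real server's value is not stated in the advisory.
export const WORKSPACE = "/srv/mobile-mcp/workspace";

// Argument names of the two affected tools, as given in the advisory.
type ToolArgs = { saveTo?: string; output?: string };

/**
 * The pre-0.0.49 pattern: the caller-supplied path is used as-is.
 * Returned instead of written so the example runs offline.
 */
export function vulnerableTarget(userPath: string): string {
  return userPath; // "../../../etc/cron.d/job" would be written outside WORKSPACE
}

/**
 * Hardened form: resolve against the workspace root and require the result to
 * stay inside it. Rejects "../" climbs, absolute paths, NUL bytes and the root
 * itself. Note that path.resolve does not follow symlinks; if the workspace may
 * contain attacker-created links, realpath the parent directory before writing.
 */
export function resolveInWorkspace(userPath: string, root: string = WORKSPACE): string {
  if (typeof userPath !== "string" || userPath.length === 0 || userPath.includes("\0")) {
    throw new Error("invalid path");
  }
  const resolved = path.resolve(root, userPath); // absolute input ignores root
  const rel = path.relative(root, resolved);
  const escapes = rel === "" || rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
  if (escapes) {
    throw new Error(`path escapes workspace: ${userPath}`);
  }
  return resolved;
}

/** Boolean wrapper around resolveInWorkspace for callers that only need a verdict. */
export function isSafePath(userPath: string, root: string = WORKSPACE): boolean {
  try {
    resolveInWorkspace(userPath, root);
    return true;
  } catch {
    return false;
  }
}

const AFFECTED_TOOLS = new Set(["mobile_save_screenshot", "mobile_start_screen_recording"]);

export interface Finding { id: unknown; tool: string; param: string; value: string }

/**
 * Log review: scan newline-delimited JSON-RPC requests (the wire format MCP uses)
 * for tools/call invocations of the affected tools whose path argument escapes
 * the workspace. Non-JSON lines and other methods are skipped.
 */
export function flagSuspiciousToolCalls(logText: string, root: string = WORKSPACE): Finding[] {
  const findings: Finding[] = [];
  for (const line of logText.split("\n")) {
    if (!line.trim()) continue;
    let msg: any;
    try { msg = JSON.parse(line); } catch { continue; }
    if (msg.method !== "tools/call") continue;
    const tool: string = msg.params?.name;
    if (!AFFECTED_TOOLS.has(tool)) continue;
    const args: ToolArgs = msg.params?.arguments ?? {};
    for (const param of ["saveTo", "output"] as const) {
      const value = args[param];
      if (typeof value === "string" && !isSafePath(value, root)) {
        findings.push({ id: msg.id, tool, param, value });
      }
    }
  }
  return findings;
}

// Constructed sample log: one benign call, two escaping calls, one unrelated tool.
export const SAMPLE_LOG = [
  '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"mobile_save_screenshot","arguments":{"saveTo":"shots/login.png"}}}',
  '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"mobile_save_screenshot","arguments":{"saveTo":"../../../../etc/cron.d/job"}}}',
  '{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"mobile_start_screen_recording","arguments":{"output":"/root/.ssh/authorized_keys"}}}',
  '{"jsonrpc":"2.0","id":4,"method":"tools/call","params":{"name":"mobile_list_apps","arguments":{}}}',
].join("\n");

for (const f of flagSuspiciousToolCalls(SAMPLE_LOG)) {
  console.log(`request ${f.id}: ${f.tool} ${f.param}=${f.value} escapes workspace`);
}
```

The containment check deliberately compares the resolved path against the root with `path.relative` rather than searching the raw string for `..`: a value such as `shots/../a.png` normalises to a file inside the workspace and is allowed, while an absolute path contains no `..` at all and would slip past a substring filter. The same function serves both the server-side fix and the log sweep, so the detection cannot disagree with the control it is checking.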
AI Security AnalysisAI
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: mcp, mcp