CVE-2026-7237
Published: 28 April 2026
Summary
CVE-2026-7237 is a high-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 20.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised as AI Agent Protocols and Integrations, in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
Directly mitigates CVE-2026-7237 by requiring timely patching to version 1.1.0, which resolves the path traversal flaw via commit c4d23592ae5fb59cfeefc4641e6826f8ac89b9c6.
Validates the manipulated file_path argument in the write-to-file Tool to block path traversal sequences like '../', preventing unauthorized file access outside intended directories.
Enforces logical access controls on file system resources to restrict unauthorized reading or writing resulting from path traversal exploitation.
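One way to apply the input-validation control above to a file_path-style tool argument, shown as an added example (it is not the scaffold-mcp patch or any code from the project). The base directory /srv/workspace, the function names and the sample inputs are constructed assumptions.

```javascript
const path = require('node:path');

// Resolve an untrusted file_path against baseDir and refuse anything outside it.
// path.posix is the default so the constructed cases behave the same on any host.
function resolveInsideBase(baseDir, filePath, p = path.posix) {
  if (typeof filePath !== 'string' || filePath.length === 0) {
    throw new Error('file_path must be a non-empty string');
  }
  if (filePath.includes('\0')) {
    throw new Error('file_path contains a NUL byte');
  }
  const base = p.resolve(baseDir);
  const target = p.resolve(base, filePath); // collapses "..", honours absolute input
  const rel = p.relative(base, target);
  // rel === ''  -> the base directory itself, not a file inside it
  // '..' prefix -> the target sits above or beside the base directory
  if (rel === '' || rel === '..' || rel.startsWith('..' + p.sep) || p.isAbsolute(rel)) {
    throw new Error(`file_path escapes ${base}: ${filePath}`);
  }
  return target;
}

// Weak check shown for contrast: a string prefix test accepts sibling
// directories that merely share the base directory's name as a prefix.
function naivePrefixCheck(baseDir, filePath, p = path.posix) {
  return p.resolve(baseDir, filePath).startsWith(p.resolve(baseDir));
}

// Wrapper that reports the decision instead of throwing.
function check(baseDir, filePath) {
  try {
    return { ok: true, path: resolveInsideBase(baseDir, filePath) };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Constructed sample inputs, not taken from the advisory.
const BASE = '/srv/workspace';
const samples = ['src/index.ts', '..notes/todo.md', 'src/../../etc/app.conf',
  '/etc/app.conf', '../workspace-old/x.ts', '.'];
for (const s of samples) {
  const r = check(BASE, s);
  console.log(JSON.stringify(s), r.ok ? `allowed -> ${r.path}` : `rejected (${r.reason})`);
}
```

The check is purely lexical: it does not follow symbolic links, so a deployment that allows symlinks inside the base directory also needs to compare the real path of the target's parent directory against the real path of the base.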
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
Path traversal in the remotely reachable write-to-file component (AV:N, no authentication) directly enables remote exploitation of a public-facing application (T1190), arbitrary local file reads (T1005), and writing or transferring files into the environment (T1105).
NVD Description
A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument file_path results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. Upgrading to version 1.1.0 can resolve this issue. The patch is identified as c4d23592ae5fb59cfeefc4641e6826f8ac89b9c6. You should upgrade the affected component.
Deeper analysis [AI]
CVE-2026-7237 is a path traversal vulnerability (CWE-22) in AgiFlow scaffold-mcp versions up to 1.0.27. The issue affects an unknown functionality within the write-to-file Tool component, specifically in the file packages/scaffold-mcp/src/server/index.ts. Published on 2026-04-28, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).
Remote attackers can exploit this vulnerability by manipulating the file_path argument, requiring no authentication or user interaction. Successful exploitation enables limited impacts to confidentiality, integrity, and availability, such as unauthorized reading or writing outside intended directories. The exploit is publicly available.
Advisories recommend upgrading to version 1.1.0, which resolves the issue via patch commit c4d23592ae5fb59cfeefc4641e6826f8ac89b9c6. Supporting resources include the AgiFlow/aicode-toolkit GitHub repository's commit, issue #88, pull request #89, and release tag @agiflowai/aicode-toolkit@1.1.0, along with a VulDB entry.
Details
- CWE(s)
AI Security Analysis [AI]
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: mcp, mcp