CVE-2026-7400
Published: 29 April 2026
Summary
CVE-2026-7400 is a high-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 requires timely patching and upgrading of vulnerable software, directly addressing CVE-2026-7400 by applying the fix in version 1.1.0.
SI-10 mandates validation of inputs to functions like is_path_allowed, blocking path traversal sequences such as '../' in read_file_tool and write_file_tool.
AC-3 enforces access controls to restrict file operations to authorized paths, mitigating unauthorized traversal beyond intended directories.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal in network-accessible server enables remote unauthenticated exploitation (T1190) for unauthorized local file reads (T1005) and stored data writes/manipulation (T1565.001).
NVD Description
A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function is_path_allowed of the file server.py of the component read_file_tool/write_file_tool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has been…
more
disclosed publicly and may be used. Upgrading to version 1.1.0 is capable of addressing this issue. The name of the patch is 45364545fc60dc80aadcd4379f08042d3d3d292e. Upgrading the affected component is advised.
Deeper analysisAI
CVE-2026-7400 is a path traversal vulnerability (CWE-22) in the geekgod382 filesystem-mcp-server version 1.0.0. The issue resides in the is_path_allowed function within the server.py file, affecting the read_file_tool and write_file_tool components. It has a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and lack of prerequisites.
Remote attackers can exploit this vulnerability without authentication or user interaction by manipulating inputs to the affected functions, enabling traversal outside intended directories. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, such as unauthorized reading or writing of files beyond the restricted paths.
Mitigation involves upgrading to version 1.1.0, which addresses the issue via the patch commit 45364545fc60dc80aadcd4379f08042d3d3d292e. Relevant advisories and resources are available on the project's GitHub repository, including the security issue tracker and release notes.
The exploit has been publicly disclosed, increasing the risk of active use against unpatched instances.
Details
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mcp