Cyber Resilience

CVE-2026-7811

Medium

Published: 05 May 2026

Published
05 May 2026
Modified
05 May 2026
KEV Added
Patch
CVSS Score v4 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0007 20.6th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7811 is a medium-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-7811 is a path traversal vulnerability in the 54yyyu code-mcp project up to commit 4cfc4643541a110c906d93635b391bf7e357f4a8. The issue affects the is_safe_path function within the src/code_mcp/server.py file of the MCP File Handler component. Manipulation of this function enables improper path validation, allowing attackers to access unintended files or directories outside the intended scope.

The vulnerability can be exploited remotely by unauthenticated attackers with network access, requiring low complexity and no user interaction, as indicated by its CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). Successful exploitation grants limited impact on confidentiality, integrity, and availability, potentially allowing read/write access to files or minor disruption via traversed paths.

Advisories from VulDB and the project's GitHub repository note that code-mcp follows a rolling release model, providing no specific affected or patched version details. The project was notified early via GitHub issue #4 but has not yet responded or issued mitigations. Security practitioners should monitor the repository at https://github.com/54yyyu/code-mcp/ for updates.

The exploit has been publicly disclosed and may be actively used, classified under CWE-22. No evidence of widespread real-world exploitation is available in current references.

EU & UK References

Vulnerability details

A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function is_safe_path of the file src/code_mcp/server.py of the component MCP File Handler. Such manipulation leads to path traversal. It is possible to launch the…

more

attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

CWE(s)

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Protocol-Specific Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: mcp

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
Why these techniques?

Path traversal in remotely accessible MCP File Handler directly enables T1190 for initial access; bypassed is_safe_path allows unauthorized local file read (T1005) and write (T1105) operations.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-40576Shared CWE-22
CVE-2026-7237Shared CWE-22
CVE-2026-7788Shared CWE-22
CVE-2026-7149Shared CWE-22
CVE-2026-7272Shared CWE-22
CVE-2026-7386Shared CWE-22
CVE-2026-7205Shared CWE-22
CVE-2026-7319Shared CWE-22
CVE-2026-7594Shared CWE-22
CVE-2026-7315Shared CWE-22

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of file path inputs to the is_safe_path function, blocking the path traversal that enables unauthorized file access.

prevent

Enforces access decisions on file resources so that only paths explicitly authorized by policy are permitted, mitigating the flawed is_safe_path logic.

prevent

Controls information flows between the MCP File Handler and the underlying file system, limiting unintended traversal across directory boundaries.

References