CVE-2026-27735
📋 TL;DR
This vulnerability allows attackers to stage files outside the repository boundaries using path traversal sequences (../) in the git_add tool. It affects users of mcp-server-git versions prior to 2026.1.14 who use the Model Context Protocol's git server implementation.
💻 Affected Systems
- mcp-server-git
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could stage sensitive system files into the Git index, potentially leading to data exfiltration or unauthorized access to files outside the repository.
Likely Case
Unauthorized staging of files from parent directories or other accessible locations, compromising repository integrity and potentially exposing sensitive data.
If Mitigated
With proper input validation and boundary checking, only files within the repository can be staged, maintaining expected security boundaries.
🎯 Exploit Status
Exploitation requires access to the git_add tool functionality and knowledge of path traversal techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2026.1.14
Vendor Advisory: https://github.com/modelcontextprotocol/servers/security/advisories/GHSA-vjqx-cfc4-9h6v
Restart Required: No
Instructions:
1. Update mcp-server-git to version 2026.1.14 or newer.
2. Use pip install --upgrade mcp-server-git or update through your package manager.
3. Verify the update completed successfully.
🔧 Temporary Workarounds
Input Validation Wrapper
Implement custom validation to check file paths before passing them to the git_add tool.
# Python example: validate that a path is within the repository
import os
repo_path = os.path.realpath('/path/to/repo')
user_input = 'src/main.py'  # placeholder for the path handed to git_add
# realpath also resolves symlinks; commonpath avoids the prefix bug where
# '/path/to/repo2' would pass a plain startswith('/path/to/repo') check
file_path = os.path.realpath(os.path.join(repo_path, user_input))
if os.path.commonpath([repo_path, file_path]) != repo_path:
    raise ValueError('Path outside repository boundaries')
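The same boundary check, extended as an added example (not code from mcp-server-git or the advisory): it validates a batch of paths before they reach git_add, resolves symlinks so a link inside the repository cannot point outside it, and avoids the prefix collision where a sibling directory such as repo-backup would pass a plain startswith check. The function names and the temporary directory layout are assumptions.

```python
import os
import tempfile

def is_inside_repo(repo_root: str, candidate: str) -> bool:
    """Return True only if candidate resolves to a path inside repo_root.

    Hypothetical helper, not part of mcp-server-git. realpath resolves symlinks,
    so a link inside the repo pointing outside is rejected; commonpath avoids
    the prefix bug where '/srv/repo2' looks like a child of '/srv/repo'.
    """
    root = os.path.realpath(repo_root)
    # Relative inputs are taken relative to the repository root, as git does.
    target = os.path.realpath(os.path.join(root, candidate))
    try:
        return os.path.commonpath([root, target]) == root
    except ValueError:
        # Windows raises ValueError when the paths are on different drives.
        return False

def filter_paths(repo_root, candidates):
    """Split candidate paths into (allowed, rejected) before calling git_add."""
    allowed, rejected = [], []
    for c in candidates:
        (allowed if is_inside_repo(repo_root, c) else rejected).append(c)
    return allowed, rejected

def demo():
    """Constructed scenario: a repo, a sibling directory and a symlink escape."""
    with tempfile.TemporaryDirectory() as base:
        repo = os.path.join(base, "repo")
        os.makedirs(os.path.join(repo, "src"))
        os.makedirs(os.path.join(base, "repo-backup"))
        secret = os.path.join(base, "secret.txt")
        open(secret, "w").close()
        # Symlink inside the repo that points at a file outside it.
        os.symlink(secret, os.path.join(repo, "link"))
        candidates = [
            "src/main.py",                            # ordinary relative path
            "../secret.txt",                          # traversal with ../
            os.path.join(base, "repo-backup", "x"),   # prefix collision
            "link",                                   # symlink escape
            "/etc/hostname",                          # absolute path outside
        ]
        return filter_paths(repo, candidates)

if __name__ == "__main__":
    print(demo())
```

Only the ordinary relative path survives; the other four candidates are rejected before git_add ever sees them.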
🧯 If You Can't Patch
- Disable git_add tool functionality if not required
- Implement strict access controls to limit who can use the git_add tool
🔍 How to Verify
Check if Vulnerable:
Check the installed mcp-server-git version with: pip show mcp-server-git | grep Version
Verify Fix Applied:
Verify version is 2026.1.14 or newer and test that path traversal attempts are rejected
📡 Detection & Monitoring
Log Indicators:
- Failed path validation attempts
- Git operations with ../ sequences in file paths
- Unauthorized file staging attempts
Network Indicators:
- Unusual Git protocol activity from unexpected sources
SIEM Query:
source="mcp-server" AND ("../" OR "path traversal" OR "git_add")