Description
Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool used GitPython's repo.index.add() rather than the Git CLI, relative paths containing `../` sequences that resolve outside the repository were accepted and staged into the Git index. Users are advised to upgrade to 2026.1.14 or newer to remediate this issue.
Published: 2026-02-25
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Staging Files Outside Repository Boundaries
Action: Patch
AI Analysis

Impact

Model Context Protocol Servers’ git_add tool fails to verify that paths specified in the files argument remain within the repository. This deficiency permits an attacker to craft relative paths containing sequences such as '../' that resolve to locations outside the intended repository. By doing so, the attacker can stage arbitrary files into the Git index, potentially overwriting or adding files critical to the server’s operation or secrets. The weakness exemplifies a classic directory traversal flaw (CWE-22).

Affected Systems

Any installation of Model Context Protocol Servers using a version prior to 2026.1.14 is vulnerable. The issue resides in the mcp-server-git component and is part of the reference implementation set for the model context protocol (MCP).

Risk and Exploitability

The vulnerability carries a CVSS score of 6.4, indicating moderate severity. The EPSS score is below 1%, suggesting a very low probability of exploitation as of this assessment. The CVE is not listed in CISA’s KEV catalog. Exploitation requires the ability to invoke git_add with a crafted files argument; if git_add is exposed through remote APIs or automation scripts, an attacker, authenticated or not, could cause the server process to write files outside the repository, leading to integrity or confidentiality violations. The lack of path validation therefore raises the risk for deployments that allow untrusted input to reach the git_add tool.

Generated by OpenCVE AI on April 17, 2026 at 14:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Model Context Protocol Servers to version 2026.1.14 or later, which enforces path validation in git_add.
  • Ensure that any scripts or services that invoke git_add are tightly controlled, allowing only trusted users or sanitized input.
  • If possible, restrict or remove remote interfaces that expose git_add functionality to prevent untrusted path manipulation.
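One way to implement the path validation that version 2026.1.14 is said to enforce, written here as an added illustration in Python (the language of mcp-server-git) and not taken from the project: it uses only the standard library, the `is_inside_repo` and `validate_repo_paths` names are the author's own, and `demo()` builds a constructed temporary directory layout rather than a real Git repository.

```python
import tempfile
from pathlib import Path


def is_inside_repo(repo_root, requested):
    """True only if `requested` resolves to the repository root or beneath it.
    Relative paths are taken relative to the root; absolute ones are checked as given."""
    root = Path(repo_root).resolve()
    candidate = Path(requested)
    if not candidate.is_absolute():
        candidate = root / candidate
    # resolve() collapses '..' segments and follows symlinks, so the test is
    # made on the real target rather than on the text the caller supplied.
    resolved = candidate.resolve()
    return resolved == root or root in resolved.parents


def validate_repo_paths(repo_root, files):
    """Boundary check of the kind the description says git_add lacked: every
    entry must stay inside the repository, otherwise the whole request is refused."""
    escaped = [f for f in files if not is_inside_repo(repo_root, f)]
    if escaped:
        raise ValueError(f"paths escape the repository: {escaped}")
    root = Path(repo_root).resolve()
    return [(root / f).resolve() for f in files]


def demo():
    """Constructed layout: a 'repo' directory and a sibling 'secrets' directory."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp, "repo")
        (repo / "src").mkdir(parents=True)
        (repo / "src" / "main.py").write_text("print('hello')\n")
        Path(tmp, "secrets").mkdir()
        Path(tmp, "secrets", "token").write_text("constructed-placeholder\n")

        in_bounds = ["src/main.py", "src/../src/main.py", "./src"]
        traversal = ["../secrets/token", "src/../../secrets/token",
                     str(Path(tmp, "secrets", "token"))]  # absolute, outside
        accepted = [p.relative_to(repo.resolve()).as_posix()
                    for p in validate_repo_paths(repo, in_bounds)]
        rejected = [f for f in traversal if not is_inside_repo(repo, f)]
        try:  # a single traversing entry must fail the whole request
            validate_repo_paths(repo, in_bounds + traversal[:1])
            mixed = "staged"
        except ValueError:
            mixed = "rejected"
        return {"accepted": accepted, "rejected": len(rejected), "mixed": mixed}
```

Comparing resolved `Path` objects via `parents` rather than string prefixes avoids accepting a sibling directory whose name merely starts with the repository name.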



Advisories

Source: Github GHSA
ID: GHSA-vjqx-cfc4-9h6v
Title: mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries
History

Tue, 14 Apr 2026 00:45:00 +0000

Type: First Time appeared
Values Added: Lfprojects; Lfprojects model Context Protocol Servers

Type: CPEs
Values Added: cpe:2.3:a:lfprojects:model_context_protocol_servers:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Lfprojects; Lfprojects model Context Protocol Servers

Type: Metrics
Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

Sat, 28 Feb 2026 05:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Feb 2026 13:30:00 +0000

Type: First Time appeared
Values Added: Modelcontextprotocol; Modelcontextprotocol servers

Type: Vendors & Products
Values Added: Modelcontextprotocol; Modelcontextprotocol servers

Thu, 26 Feb 2026 00:00:00 +0000

Type: Description
Values Added: Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool used GitPython's repo.index.add() rather than the Git CLI, relative paths containing `../` sequences that resolve outside the repository were accepted and staged into the Git index. Users are advised to upgrade to 2026.1.14 or newer to remediate this issue.

Type: Title
Values Added: mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

Type: Weaknesses
Values Added: CWE-22

Type: References

Type: Metrics
Values Added: cvssV4_0 {'score': 6.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N'}


MITRE

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-02-26T17:04:59.103Z
Reserved: 2026-02-23T18:37:14.790Z
Link: CVE-2026-27735

Vulnrichment

Updated: 2026-02-26T17:04:49.724Z

NVD

Status: Analyzed
Published: 2026-02-26T00:16:25.017
Modified: 2026-04-14T00:44:04.070
Link: CVE-2026-27735

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T14:45:21Z

Weaknesses