Description
excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode (the documented way to use this server remotely), an unauthenticated attacker on the network can read, write, and overwrite arbitrary files on the host filesystem by supplying crafted filepath arguments to any of the 25 exposed MCP tool handlers. The server is intended to confine file operations to a directory set by the EXCEL_FILES_PATH environment variable. The function responsible for enforcing this boundary — get_excel_path() — fails to do so due to two independent flaws: it passes absolute paths through without any check, and it joins relative paths without resolving or validating the result. Combined with zero authentication on the default network-facing transport and a default bind address of 0.0.0.0 (all interfaces), this allows trivial remote exploitation. This vulnerability is fixed in 0.1.8.
Published: 2026-04-21
Score: 9.4 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote File Manipulation
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a path traversal flaw (CWE‑22) that permits an unauthenticated attacker to supply crafted file paths to any of the 25 exposed MCP tool handlers. In SSE or Streamable‑HTTP transport mode the server is intended to confine file operations to the directory set by the EXCEL_FILES_PATH environment variable, but the enforcement function fails to check absolute paths and does not resolve relative paths, allowing the attacker to read, write, or overwrite any file on the host filesystem. This could lead to unauthorized data disclosure, tampering, or potentially execution of malicious code if files are written where they can be executed.

Affected Systems

The affected product is haris‑musa's excel‑mcp‑server, with versions up to and including 0.1.7 vulnerable. The vulnerability is relevant when the server runs in SSE or Streamable‑HTTP transport mode, which are the documented methods for remote use. The server relies on the EXCEL_FILES_PATH environment variable to limit file operations, but this checkpoint is bypassed by the flaw.

Risk and Exploitability

The CVSS score is 9.4, indicating high severity, and the EPSS score is not available; it is not listed in the CISA KEV catalog. The default configuration binds to 0.0.0.0 (all interfaces) with no authentication, giving an attacker trivial remote access to the vulnerability. Attack conditions require only network connectivity to the exposed transport, making exploitation straightforward.

Generated by OpenCVE AI on April 21, 2026 at 22:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade excel‑mcp‑server to version 0.1.8 or later, where the path traversal checks are corrected.
  • If an upgrade is not immediately possible, restrict network access to the server by firewall or binding the service to localhost to prevent external connections.
  • Set the EXCEL_FILES_PATH to a non‑privileged, secure directory and verify that the server does not use absolute paths; consider disabling SSE or Streamable-HTTP transport mode if authentication is required.

Generated by OpenCVE AI on April 21, 2026 at 22:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-j98m-w3xp-9f56 excel-mcp-server has a Path Traversal issue
History

Wed, 22 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Haris-musa
Haris-musa excel-mcp-server
Vendors & Products Haris-musa
Haris-musa excel-mcp-server

Tue, 21 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 21 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Description excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode (the documented way to use this server remotely), an unauthenticated attacker on the network can read, write, and overwrite arbitrary files on the host filesystem by supplying crafted filepath arguments to any of the 25 exposed MCP tool handlers. The server is intended to confine file operations to a directory set by the EXCEL_FILES_PATH environment variable. The function responsible for enforcing this boundary — get_excel_path() — fails to do so due to two independent flaws: it passes absolute paths through without any check, and it joins relative paths without resolving or validating the result. Combined with zero authentication on the default network-facing transport and a default bind address of 0.0.0.0 (all interfaces), this allows trivial remote exploitation. This vulnerability is fixed in 0.1.8.
Title Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in excel-mcp-server
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 9.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H'}

Subscriptions

Haris-musa Excel-mcp-server
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-21T16:50:25.987Z

Reserved: 2026-04-14T13:24:29.475Z

Link: CVE-2026-40576

cve-icon Vulnrichment

Updated: 2026-04-21T16:50:18.467Z

cve-icon NVD

Status : Received

Published: 2026-04-21T17:16:55.870

Modified: 2026-04-21T17:16:55.870

Link: CVE-2026-40576

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T11:46:09Z

Weaknesses