Description
Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, The chrome-devtools-mcp daemon writes its PID file with fs.writeFileSync() to a deterministic runtime path. On typical macOS environments, and on Linux sessions where $XDG_RUNTIME_DIR is unset, that runtime path falls back to /tmp/chrome-devtools-mcp-<uid>/daemon.pid. Because the write does not use O_NOFOLLOW, a local low-privilege user on the same POSIX host can pre-create /tmp/chrome-devtools-mcp-<victim_uid>/daemon.pid as a symlink to a file writable by the victim. When the victim later starts daemon mode, fs.writeFileSync() follows the symlink and truncates the target file to the daemon PID string. This vulnerability is fixed in 1.1.0.
Published: 2026-06-24
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Chrome DevTools for agents (chrome-devtools-mcp) allows a coding agent to control and inspect a live Chrome browser. Between versions 0.20.0 and 1.1.0, the daemon writes a PID file with fs.writeFileSync() to a deterministic runtime path. On macOS and when $XDG_RUNTIME_DIR is unset on Linux, that path resolves to /tmp/chrome-devtools-mcp-<uid>/daemon.pid. Because the write does not use the O_NOFOLLOW flag, a local low‑privileged user can pre‑create that path as a symlink to any file they can write. When the daemon starts, fs.writeFileSync() follows the symlink and overwrites the target file with the daemon PID string. This allows an attacker to truncate or overwrite a file that the daemon writes, potentially resulting in unintended data loss or configuration corruption. The issue is fixed in version 1.1.0.

Affected Systems

Vulnerable versions of ChromeDevTools:chrome-devtools-mcp from 0.20.0 up to and including 1.1.0, on macOS and Linux systems where the XDG_RUNTIME_DIR environment variable is unset and the fallback path resolves to /tmp/chrome-devtools-mcp-<uid>/daemon.pid.

Risk and Exploitability

The CVSS score of 6.1 indicates medium severity. The EPSS score is unavailable, and the vulnerability is not listed in CISA’s KEV catalog, suggesting a low to moderate exploitation probability to date. A local attacker with a user account on the same host can trivially create the offending symlink and wait for the victim to launch the daemon. Once the daemon runs, the attacker’s symlink will cause the written PID string to overwrite the targeted file. Relying on the lack of O_NOFOLLOW makes the vulnerability straightforward to exploit; however, it requires only local file system access.

Generated by OpenCVE AI on June 25, 2026 at 00:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade chrome-devtools-mcp to version 1.1.0 or later, which fixes the symlink issue.
  • If an upgrade is not possible, set XDG_RUNTIME_DIR to a directory owned by the daemon user rather than relying on the /tmp fallback.
  • Before starting the daemon, delete or rename any existing /tmp/chrome-devtools-mcp-<uid>/daemon.pid symlink to prevent accidental file overwrites.
  • Ensure that the PID file is written with the O_NOFOLLOW flag or perform a check for malicious symlinks before writing.

Generated by OpenCVE AI on June 25, 2026 at 00:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-3pvj-jv98-qhjq Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory
History

Fri, 26 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Chromedevtools
Chromedevtools chrome-devtools-mcp
Vendors & Products Chromedevtools
Chromedevtools chrome-devtools-mcp

Wed, 24 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, The chrome-devtools-mcp daemon writes its PID file with fs.writeFileSync() to a deterministic runtime path. On typical macOS environments, and on Linux sessions where $XDG_RUNTIME_DIR is unset, that runtime path falls back to /tmp/chrome-devtools-mcp-<uid>/daemon.pid. Because the write does not use O_NOFOLLOW, a local low-privilege user on the same POSIX host can pre-create /tmp/chrome-devtools-mcp-<victim_uid>/daemon.pid as a symlink to a file writable by the victim. When the victim later starts daemon mode, fs.writeFileSync() follows the symlink and truncates the target file to the daemon PID string. This vulnerability is fixed in 1.1.0.
Title chrome-devtools-mcp: daemon.pid write follows symlinks in /tmp fallback runtime directory
Weaknesses CWE-59
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L'}


Subscriptions

Chromedevtools Chrome-devtools-mcp
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-26T18:43:32.810Z

Reserved: 2026-06-10T17:48:40.547Z

Link: CVE-2026-53765

cve-icon Vulnrichment

Updated: 2026-06-26T17:51:06.449Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:40:16Z

Weaknesses
  • CWE-59

    Improper Link Resolution Before File Access ('Link Following')