Description
A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument file_path results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. Upgrading to version 1.1.0 can resolve this issue. The patch is identified as c4d23592ae5fb59cfeefc4641e6826f8ac89b9c6. You should upgrade the affected component.
Published: 2026-04-28
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote File Write via Path Traversal
Action: Apply Patch
AI Analysis

Impact

The flaw is an unchecked file_path argument in the scaffold‑mcp write‑to‑file tool, which allows path traversal (CWE‑22). A caller that can invoke the tool can direct the server to write attacker‑controlled content outside the intended project directory, including over existing system or application files. The description does not say what was reachable in practice; it is inferred that overwriting configuration files, or dropping scripts or source files that are later executed or built, would compromise the integrity of the host. The headline score of 6.9 (Medium) is the CVSS 4.0 value with exploit maturity set to proof‑of‑concept; the CVSS 3.1 base score recorded for the same issue is 7.3 (High), so teams that triage on v3.1 should treat it accordingly.

Affected Systems

All installations of AgiFlow scaffold‑mcp versions up to and including 1.0.27 are vulnerable. The issue was fixed in version 1.1.0, as identified by commit c4d23592ae5fb59cfeefc4641e6826f8ac89b9c6. No other versions are known to be affected.

Risk and Exploitability

The attack vector is network (AV:N) with no privileges or user interaction required (PR:N/UI:N): any client that can reach the tool can send a crafted file_path, so an exposed endpoint is reachable by unauthenticated users. A public proof of concept exists (SSVC Exploitation: poc; CVSS E:P) and SSVC rates the issue as automatable. The CVSS 4.0 score is 6.9 (v3.1: 7.3), the EPSS probability is below 1%, and the CVE is not listed in CISA KEV, so observed exploitation is currently low; the public exploit nonetheless argues for timely remediation.

Generated by OpenCVE AI on April 28, 2026 at 19:28 UTC.

Remediation

Vendor fix: upgrade to version 1.1.0; the fix is commit c4d23592ae5fb59cfeefc4641e6826f8ac89b9c6. No vendor workaround is documented.

OpenCVE Recommended Actions

  • Upgrade AgiFlow scaffold‑mcp to version 1.1.0 or later to eliminate the path traversal flaw.
  • If an upgrade cannot be performed immediately, validate file_path server‑side: reject absolute paths, resolve the argument against the project root, and refuse any result that does not stay inside that root (canonicalize first; filtering the literal string ".." is not sufficient, because "src/../../x" and symlinked parents bypass it).
  • Additionally, expose the write‑to‑file tool only to authorized clients, run the server under a least‑privileged account whose write access is limited to the project directory, and monitor for unexpected file creation outside that directory.
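
The traversal described under Impact and the validation recommended above, shown side by side as an added example. This is not scaffold‑mcp's own code: the tool's argument shape, the function names and the temp‑directory harness are assumptions, and the hardened resolver goes beyond the bare recommendation by also handling the sibling‑prefix case ("/srv/proj-evil" vs "/srv/proj") and a symlinked parent directory.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Hypothetical argument shape for the write-to-file tool; the page only names
// the file_path argument, so the rest of the schema is assumed.
export interface WriteToFileArgs {
  file_path: string;
  content: string;
}

// Vulnerable pattern (illustrative, not the project's code): the caller's
// file_path is joined onto the project root and written wherever it lands.
// path.join("/srv/proj", "../../etc/cron.d/x") resolves to "/etc/cron.d/x".
export function writeToFileUnsafe(root: string, args: WriteToFileArgs): string {
  const target = path.join(root, args.file_path);
  fs.mkdirSync(path.dirname(target), { recursive: true });
  fs.writeFileSync(target, args.content);
  return target;
}

// True when candidate is strictly below root (or equals it when allowRootItself).
// A bare startsWith(root) would accept "/srv/proj-evil" for root "/srv/proj",
// so the check goes through path.relative instead.
function isInside(root: string, candidate: string, allowRootItself = false): boolean {
  const rel = path.relative(root, candidate);
  if (rel === "") return allowRootItself;
  if (path.isAbsolute(rel)) return false; // different drive on Windows
  return rel !== ".." && !rel.startsWith(".." + path.sep);
}

// Hardened resolver: canonicalise, then check containment. Returns the absolute
// target path or throws. Rejecting ".." substrings alone is not enough, because
// "src/../../x", absolute paths and symlinked parents all bypass such filters.
export function resolveInsideRoot(root: string, filePath: string): string {
  if (typeof filePath !== "string" || filePath.length === 0 || filePath.includes("\0")) {
    throw new Error("file_path must be a non-empty string without NUL bytes");
  }
  if (path.isAbsolute(filePath)) {
    throw new Error(`file_path must be relative to the project root: ${filePath}`);
  }
  // realpath the root so it compares consistently with realpath'd parents below.
  const realRoot = fs.realpathSync(root);
  const target = path.resolve(realRoot, filePath);
  if (!isInside(realRoot, target)) {
    throw new Error(`file_path escapes the project root: ${filePath}`);
  }
  // If the parent directory already exists, follow symlinks and re-check: a
  // symlink inside the root that points outside would otherwise slip through.
  const parent = path.dirname(target);
  if (fs.existsSync(parent) && !isInside(realRoot, fs.realpathSync(parent), true)) {
    throw new Error(`parent of file_path resolves outside the project root: ${filePath}`);
  }
  return target;
}

export function writeToFileSafe(root: string, args: WriteToFileArgs): string {
  const target = resolveInsideRoot(root, args.file_path);
  fs.mkdirSync(path.dirname(target), { recursive: true });
  fs.writeFileSync(target, args.content);
  return target;
}

// Self-contained demonstration in a throw-away temp directory, using a
// constructed malicious tool call one level above the project root.
export function demo(): { unsafeEscaped: boolean; safeBlocked: boolean; safeWrote: boolean } {
  const sandbox = fs.mkdtempSync(path.join(os.tmpdir(), "scaffold-mcp-demo-"));
  const root = path.join(sandbox, "project");
  fs.mkdirSync(root);
  const evil: WriteToFileArgs = { file_path: "../outside.txt", content: "owned" };
  writeToFileUnsafe(root, evil);
  const unsafeEscaped = fs.existsSync(path.join(sandbox, "outside.txt"));
  let safeBlocked = false;
  try {
    writeToFileSafe(root, evil);
  } catch {
    safeBlocked = true;
  }
  const good: WriteToFileArgs = { file_path: "src/index.ts", content: "export {};\n" };
  const safeWrote = fs.existsSync(writeToFileSafe(root, good));
  fs.rmSync(sandbox, { recursive: true, force: true });
  return { unsafeEscaped, safeBlocked, safeWrote };
}
```

Calling demo() writes "../outside.txt" through the unsafe writer, which lands beside the project directory, while the hardened writer throws for the same argument and still accepts "src/index.ts". Note that the parent‑symlink check only covers directories that already exist at write time; a server that also creates directories from caller input should apply the same resolver to each component it creates.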

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 15:15:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 28 Apr 2026 09:45:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Agiflow; Agiflow scaffold-mcp
Vendors & Products  |                | Agiflow; Agiflow scaffold-mcp

Tue, 28 Apr 2026 07:30:00 +0000

Type        | Values Removed | Values Added
Description |                | A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument file_path results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. Upgrading to version 1.1.0 can resolve this issue. The patch is identified as c4d23592ae5fb59cfeefc4641e6826f8ac89b9c6. You should upgrade the affected component.
Title       |                | AgiFlow scaffold-mcp write-to-file Tool index.ts path traversal
Weaknesses  |                | CWE-22
References  |                |
Metrics     |                | cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}
            |                | cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}
            |                | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}
            |                | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-28T14:13:20.517Z

Reserved: 2026-04-27T17:17:36.780Z

Link: CVE-2026-7237

Vulnrichment

Updated: 2026-04-28T14:13:15.925Z

NVD

Status : Deferred

Published: 2026-04-28T08:16:02.640

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-7237

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T19:30:27Z

Weaknesses