CVE-2026-7403

Sažetak

A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function list_rules/fetch_rule of the file src/gel_mcp/server.py. The manipulation of the argument rule_name results in path traversal. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Reference

https://github.com/geldata/gel-mcp/
https://github.com/geldata/gel-mcp/issues/11
https://vuldb.com/submit/803530
https://vuldb.com/vuln/360139
https://vuldb.com/vuln/360139/cti

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

29-04-2026 - 21:16

Objavljeno

29-04-2026 - 21:16