6.4
mcp-server-git allows attackers to access files outside the repository
CVE-2026-27735
GHSA-vjqx-cfc4-9h6v
Summary
Versions of mcp-server-git before 2026.1.14 do not validate that the file paths passed to the `git_add` tool stay inside the repository, so an attacker who can supply a path containing `../` can stage files from outside the working tree and exfiltrate them through a later commit and push. To fix this, update to version 2026.1.14 or newer.
What to do
- Update mcp-server-git to version 2026.1.14.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | mcp-server-git | < 2026.1.14 | 2026.1.14 |
Original title
mcp-server-git: Path traversal in git_add allows staging files outside repository boundaries
Original description
In `mcp-server-git` versions prior to 2026.1.14, the `git_add` tool did not validate that file paths provided in the `files` argument were within the repository boundaries. The tool used GitPython's `repo.index.add()`, which does not enforce working-tree boundary checks for relative paths. As a result, relative paths containing `../` sequences that resolved outside the repository were accepted and staged into the Git index, potentially allowing sensitive files to be exfiltrated via subsequent commit and push operations. The fix in PR #3164 switches to `repo.git.add()`, which delegates to the Git CLI and properly rejects out-of-tree paths. Users are advised to upgrade to 2026.1.14 or newer to remediate this issue.
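The root cause above is a missing containment check: a relative path is joined to the repository root without confirming that the normalised result is still under that root. The following is an added example of such a check, not code from mcp-server-git or from PR #3164 (whose actual fix delegates to the Git CLI via `repo.git.add()`). The repository root `/tmp/repo` and the sample paths are constructed for illustration; the check resolves `..` segments and symlinks before comparing, and rejects the whole request if any single path escapes.

```python
from pathlib import Path


def is_within_repo(repo_root: str, candidate: str) -> bool:
    """Return True only if `candidate` resolves to a location inside `repo_root`.

    Relative paths are interpreted relative to the repository root, as a
    `git add`-style tool would; `..` segments and symlinks are normalised
    with resolve() before the containment test, so `src/../../etc/passwd`
    is judged by where it actually lands, not by how it is spelled.
    """
    root = Path(repo_root).resolve()
    raw = Path(candidate)
    target = raw.resolve() if raw.is_absolute() else (root / raw).resolve()
    try:
        target.relative_to(root)  # raises ValueError if target is not under root
    except ValueError:
        return False
    return True


def validate_add_paths(repo_root: str, files: list[str]) -> list[str]:
    """Validate every path in a staging request before anything is staged.

    Rejecting the whole request (rather than silently dropping bad entries)
    keeps a single `../` entry from riding along with legitimate files.
    """
    escaped = [f for f in files if not is_within_repo(repo_root, f)]
    if escaped:
        raise ValueError(f"paths outside repository rejected: {escaped}")
    return files


if __name__ == "__main__":
    # Constructed sample input: a hypothetical repo root and a mixed request.
    REPO = "/tmp/repo"
    print(validate_add_paths(REPO, ["src/main.py", "docs/../README.md"]))
    try:
        validate_add_paths(REPO, ["src/main.py", "../../etc/passwd"])
    except ValueError as exc:
        print("blocked:", exc)
```

Note that `docs/../README.md` is accepted because it normalises to a location inside the root, while `../../etc/passwd` and any absolute path outside the root are refused; the comparison is done on resolved paths, so string-prefix tricks such as `/tmp/repo-other/...` also fail the `relative_to` test.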
mcp-server-git thanks https://hackerone.com/0dd-g for reporting and contributing the fix.
NVD CVSS 4.0: 6.4
Vulnerability type
CWE-22
Path Traversal
- https://nvd.nist.gov/vuln/detail/CVE-2026-27735
- https://github.com/modelcontextprotocol/servers/commit/862e717ff714987bd5577318d...
- https://github.com/advisories/GHSA-vjqx-cfc4-9h6v
- https://github.com/modelcontextprotocol/servers/pull/3164
- https://github.com/modelcontextprotocol/servers/security/advisories/GHSA-vjqx-cf...
Published: 26 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026