CVE-2026-7149
Description
A vulnerability has been found in dexhunter kaggle-mcp up to commit 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. It affects the function prepare_kaggle_dataset in the file src/kaggle_mcp/server.py. Manipulation of the argument competition_id leads to path traversal. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used. This product adopts a rolling release strategy to maintain continuous delivery, so version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A path traversal vulnerability in dexhunter kaggle-mcp allows remote attackers to create arbitrary directories via the competition_id parameter.
Vulnerability
Overview
CVE-2026-7149 is a path traversal vulnerability (CWE-22/CWE-73) in dexhunter kaggle-mcp, a Model Context Protocol (MCP) server for Kaggle APIs. The flaw lies in the prepare_kaggle_dataset function in src/kaggle_mcp/server.py, which builds a filesystem path by directly concatenating the user-supplied competition_id argument with a base data directory, without any sanitization or validation [1]. An attacker can therefore inject traversal sequences such as ../../ to escape the intended src/kaggle_mcp/data/ directory [1].
Exploitation
The vulnerability is remotely exploitable without authentication, as the MCP server exposes the prepare_kaggle_dataset tool as an endpoint that accepts a competition_id string [1][2]. An attacker can send a crafted request with traversal sequences in the competition_id parameter. The server then calls os.makedirs(data_dir, exist_ok=True) on the resulting path, creating directories at arbitrary locations on the filesystem before any Kaggle API interaction occurs [1]. The exploit has been publicly disclosed, increasing the risk of active exploitation [2].
Impact
Successful exploitation allows an attacker to create directories anywhere the server process has write permissions. The vulnerability does not directly allow file writes or code execution, but arbitrary directory creation can be leveraged for further attacks, such as filling disk space, interfering with system or application behavior, or serving as a stepping stone for more severe exploits [1]. The CVSS v3 base score is 7.3 (High), reflecting the low attack complexity and network-based attack vector [2].
Mitigation
As of the publication date, the vendor (dexhunter) has not responded to the issue report, and no patch or fixed version is available [1][2]. The project uses a rolling release strategy, so version details for affected or updated releases cannot be specified [2]. Users are advised to monitor the repository for updates and to consider restricting access to the MCP server, or adding server-side validation of competition_id, until a patch is released [3][4].
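To make the mechanics and the mitigation concrete, the following is an added example written for this page; it is not code from the kaggle-mcp project, and the helper names (vulnerable_dataset_dir, is_valid_competition_id, resolve_dataset_dir, classify) and the slug pattern used for the allow-list are assumptions. It places the unsafe concatenation pattern the advisory describes beside a hardened resolver that first allow-lists the competition_id and then checks that the resolved path stays inside the data directory, and it runs both over a benign slug and a constructed traversal string.

```python
"""Vulnerable path concatenation versus a hardened resolver (added example).

Not kaggle-mcp project code; helper names and the slug pattern are assumptions.
"""
import os
import re
from pathlib import Path

# Assumed allow-list for competition ids: lowercase letters, digits and
# hyphens, 1-100 characters. This is a defensive choice for the example,
# not a documented Kaggle naming rule.
COMPETITION_ID_RE = re.compile(r"^[a-z0-9][a-z0-9-]{0,99}$")


def vulnerable_dataset_dir(base_dir: str, competition_id: str) -> str:
    """The unsafe pattern described in the advisory: plain concatenation.

    Any '../' segments in competition_id walk out of base_dir, and a
    subsequent os.makedirs() would create directories wherever they land.
    """
    return os.path.join(base_dir, competition_id)


def is_valid_competition_id(competition_id: str) -> bool:
    """Allow-list check: rejects separators, dots and anything non-slug-like."""
    return bool(COMPETITION_ID_RE.fullmatch(competition_id))


def resolve_dataset_dir(base_dir: str, competition_id: str) -> Path:
    """Hardened resolution: validate the id, then prove containment.

    Raises ValueError rather than returning a path outside base_dir.
    """
    if not is_valid_competition_id(competition_id):
        raise ValueError(f"invalid competition_id: {competition_id!r}")
    base = Path(base_dir).resolve()
    target = (base / competition_id).resolve()
    # Second line of defence: even if the pattern above were loosened, the
    # resolved target must be base itself or a descendant of base.
    if target != base and base not in target.parents:
        raise ValueError("competition_id escapes the data directory")
    return target


def classify(base_dir: str, competition_id: str) -> dict:
    """Report what each approach does with one competition_id value."""
    unsafe = os.path.normpath(vulnerable_dataset_dir(base_dir, competition_id))
    base = os.path.normpath(base_dir)
    escaped = not (unsafe == base or unsafe.startswith(base + os.sep))
    try:
        resolve_dataset_dir(base_dir, competition_id)
        hardened = "accepted"
    except ValueError:
        hardened = "rejected"
    return {"unsafe_path_escapes_base": escaped, "hardened": hardened}


if __name__ == "__main__":
    base = os.path.join("src", "kaggle_mcp", "data")
    # Constructed inputs: a benign slug and a traversal attempt.
    for cid in ("titanic", "../../../../tmp/escaped"):
        print(cid, classify(base, cid))
```

The two-step design matters: the allow-list alone stops the reported payloads, while the containment check after Path.resolve() also catches anything the pattern might later be relaxed to admit, so the directory-creation call can only ever run on a path under the data directory.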
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| kaggle-mcp (PyPI) | <= 0.1.0 | — |
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-q882-jc55-6343 (source: GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-7149 (source: GHSA, advisory)
- github.com/dexhunter/kaggle-mcp/issues/1 (source: NVD, web)
- vuldb.com/submit/802052 (source: NVD, web)
- vuldb.com/vuln/359748 (source: NVD, web)
- vuldb.com/vuln/359748/ct (source: NVD, web)
News mentions
No linked articles in our index yet.