CVE-2026-7214

The vulnerability is a path traversal in the file operations of the engineer-your-data MCP server. The functions read_file, write_file, list_files, and file_info in src/tools/file_operations.py accept an arbitrary path from the caller and perform file operations without validating that the path remains within the intended WORKSPACE_PATH directory [1]. The downstream code directly uses the supplied path without sanitization, allowing traversal outside the workspace boundary.

Exploitation is trivial: an attacker sends MCP requests with path traversal sequences such as "../" to access files outside the workspace. Since the MCP server exposes these tools without authentication, any client that can reach the server can exploit the vulnerability remotely [1]. The issue report notes that the exploit is publicly available, increasing the risk of widespread attacks.

An attacker can read arbitrary files from the server's filesystem, including configuration files, credentials, or sensitive data. They can also overwrite files, potentially leading to arbitrary code execution if critical system files are modified. This compromises both confidentiality and integrity of the affected system.

As of the report date (April 10, 2026), no patch has been released. The vendor was informed via the GitHub issue but has not responded [1]. Users should restrict network access to the MCP server, apply strict file permissions, or monitor for exploitation attempts. The public availability of exploit code makes action urgent.