CVE-2026-7403
Description
A security flaw has been discovered in geldata gel-mcp 0.1.0. It affects the function list_rules/fetch_rule in the file src/gel_mcp/server.py. Manipulation of the argument rule_name leads to path traversal. The attack can be performed remotely. The exploit has been released to the public and may be used in attacks. The project was informed of the problem early through an issue report but has not responded yet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A path traversal vulnerability in gel-mcp 0.1.0 allows remote attackers to read arbitrary files via the fetch_rule tool.
Vulnerability
Overview
CVE-2026-7403 is a path traversal vulnerability in geldata gel-mcp 0.1.0, specifically in the fetch_rule function within src/gel_mcp/server.py. The function joins the attacker-controlled rule_name argument directly under the RULES_DIR path without sanitization, allowing traversal sequences like ../../../../../pyproject.toml to escape the intended directory [1]. This is a classic instance of CWE-73: External Control of File Name or Path [1].
Exploitation
An attacker can exploit this remotely by sending a crafted fetch_rule request with path traversal characters in the rule_name parameter. No authentication is required if the MCP server is exposed to the network. The attack does not require any special privileges beyond network access to the server's tool interface [1]. A public exploit has been released, increasing the risk of active attacks [description].
Impact
Successful exploitation allows an attacker to read arbitrary files on the server filesystem with the privileges of the gel-mcp process. This could lead to disclosure of sensitive configuration files, source code, or credentials. The list_rules function is not affected as it only lists files matching *.md in the rules directory, but fetch_rule directly exposes the traversal [1].
Mitigation
Status
As of the report date (April 13, 2026), no fix has been released, and the vendor has not responded to the issue [1]. Users should restrict network access to the gel-mcp service to trusted clients only, or disable the fetch_rule tool if possible until a patched version is available.
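The confinement check that the vulnerable join lacks, as an added example written for this page and not gel-mcp's own code or patch. The function names, the RuleNotFound type and the sample rules directory are assumptions; the rule name is reduced to a bare file name, resolved, verified to stay under the rules directory, and limited to *.md files, mirroring the filter the description attributes to list_rules.

```python
from pathlib import Path
import tempfile


class RuleNotFound(ValueError):
    """Raised when rule_name does not name a readable rule inside the rules directory."""


def resolve_rule_path(rules_dir: Path, rule_name: str) -> Path:
    """Return the on-disk path for rule_name, or raise RuleNotFound.

    Each check alone would stop the traversal described above; together they
    also reject absolute paths, symlinks that leave the directory, and non-rule files.
    """
    root = rules_dir.resolve()
    # 1. Accept only a bare file name: no separators, no parent references.
    if rule_name in ("", ".", "..") or rule_name != Path(rule_name).name:
        raise RuleNotFound(f"invalid rule name: {rule_name!r}")
    # 2. Resolve symlinks, then require the result to remain under the rules directory.
    candidate = (root / rule_name).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise RuleNotFound(f"rule path escapes rules directory: {rule_name!r}") from None
    # 3. Only regular *.md files count as rules.
    if candidate.suffix != ".md" or not candidate.is_file():
        raise RuleNotFound(f"no such rule: {rule_name!r}")
    return candidate


def fetch_rule(rules_dir: Path, rule_name: str) -> str:
    """Hardened lookup (hypothetical): read a rule only after confinement succeeds."""
    return resolve_rule_path(rules_dir, rule_name).read_text(encoding="utf-8")


def demo() -> dict:
    """Constructed sample: one rule file under a temporary rules directory and a
    file one level above it; returns rule text for accepted names, None for rejected."""
    with tempfile.TemporaryDirectory() as tmp:
        rules_dir = Path(tmp) / "rules"
        rules_dir.mkdir()
        (rules_dir / "style.md").write_text("# Style rule\n", encoding="utf-8")
        (Path(tmp) / "pyproject.toml").write_text("[project]\n", encoding="utf-8")
        results = {}
        for name in ("style.md", "../pyproject.toml", "../../../../../pyproject.toml",
                     "/etc/hostname", "missing.md", ".."):
            try:
                results[name] = fetch_rule(rules_dir, name)
            except RuleNotFound:
                results[name] = None
        return results
```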
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References: 4
News mentions: 0
No linked articles in our index yet.