VYPR
Unrated severity · NVD Advisory · Published May 25, 2026

dazeb cline-mcp-memory-bank index.ts handleInitializeMemoryBank path traversal

CVE-2026-9468

Description

A security flaw has been discovered in dazeb cline-mcp-memory-bank up to commit 55c81b9cf6c16700983c84dc4cdea3cafa19a75f. The affected element is the function handleInitializeMemoryBank in the file src/index.ts. Manipulation of the argument projectPath results in path traversal. The attack can be launched remotely. The exploit has been released to the public and may be used in attacks. This product uses a rolling release model for continuous delivery, so version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A path traversal flaw in dazeb cline-mcp-memory-bank up to commit 55c81b9c allows remote attackers to read and write arbitrary files outside the project directory.

Vulnerability

A path traversal vulnerability exists in dazeb/cline-mcp-memory-bank up to commit 55c81b9cf6c16700983c84dc4cdea3cafa19a75f. The issue resides in multiple handlers within src/index.ts, including handleInitializeMemoryBank, handleUpdateContext, handleRecordDecision, handleTrackProgress, getProjectInfo, and detectTechStack. These functions accept a projectPath argument from MCP tool requests and construct file paths using path.join(projectPath, ...) without validating that the resulting path stays within a permitted workspace root. No specific configuration is required; the vulnerable code path is reachable by default when the MCP server processes tool requests [1][2].

Exploitation

An attacker can remotely send crafted MCP tool requests containing a malicious projectPath value (e.g., using ../ sequences) as an argument. The server then uses path.join(projectPath, ...) to build paths for filesystem operations such as fs.readFile, fs.writeFile, fs.mkdir, and fs.readdir. Because no boundary enforcement exists, the attacker can traverse outside the intended project directory. The exploit has been publicly released, increasing the risk of remote exploitation [1][2].

Impact

Successful exploitation allows an attacker to read arbitrary files on the server filesystem (information disclosure), write or overwrite arbitrary files (potentially leading to code injection or data corruption), create directories, and list directory contents. The attacker gains unauthorized file access at the privilege level of the MCP server process, which may enable further compromise of the system [1][2].

Mitigation

As of publication, the project maintainer has not responded to the reported issue, and no official patched version has been released. The project uses a rolling release system, so version identifiers are not explicitly disclosed. Users should monitor the repository for future commits that implement workspace-root boundary validation or input sanitization on projectPath. Until a fix is available, consider restricting network access to the MCP server to trusted hosts only [1][2].
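The following TypeScript is an added example, not code from the cline-mcp-memory-bank project, showing the workspace-root boundary validation that the Vulnerability and Mitigation sections describe. It resolves an untrusted projectPath (as supplied in an MCP tool request) against an assumed workspace root and refuses any result that lands outside it; the root /srv/workspaces, the file name context.md, and all function names are assumptions chosen for the example, and the unsafe join is a constructed illustration of the pattern the advisory describes rather than the project's source.

```typescript
import * as path from "node:path";

// Assumed workspace root (placeholder, not from the project): every memory-bank
// file the server touches must resolve to a location underneath it.
export const WORKSPACE_ROOT = "/srv/workspaces";

export class PathEscapeError extends Error {
  constructor(message: string) {
    super(message);
    this.name = "PathEscapeError";
  }
}

// Resolve the untrusted projectPath plus any further segments against root and
// return the absolute result only if it stays inside root. path.posix is used
// so the result is identical on every platform.
export function resolveInsideRoot(root: string, projectPath: string, ...segments: string[]): string {
  const p = path.posix;
  const rootAbs = p.resolve(root);
  // resolve() normalises ".." segments, and an absolute projectPath discards
  // rootAbs entirely, so containment must be checked on the final candidate.
  const candidate = p.resolve(rootAbs, projectPath, ...segments);
  const rel = p.relative(rootAbs, candidate);
  // rel is empty when candidate equals the root; a leading ".." component
  // (but not a name that merely starts with "..") means it escaped.
  const escapes = rel === ".." || rel.startsWith(".." + p.sep) || p.isAbsolute(rel);
  if (escapes) {
    throw new PathEscapeError(`projectPath escapes workspace root: ${projectPath}`);
  }
  return candidate;
}

// Constructed illustration of the pattern the advisory describes: the untrusted
// projectPath is joined straight into a filesystem path with no boundary check.
export function unsafeMemoryBankPath(projectPath: string, file: string): string {
  return path.posix.join(projectPath, "memory-bank", file);
}

// Hardened form: the same join, performed only after the containment check.
export function safeMemoryBankPath(projectPath: string, file: string): string {
  return resolveInsideRoot(WORKSPACE_ROOT, projectPath, "memory-bank", file);
}

// Screen a batch of projectPath values as a tool handler would, separating the
// ones it may act on from the ones it must refuse.
export function screenProjectPaths(projectPaths: string[]): { accepted: string[]; rejected: string[] } {
  const accepted: string[] = [];
  const rejected: string[] = [];
  for (const projectPath of projectPaths) {
    try {
      accepted.push(safeMemoryBankPath(projectPath, "context.md"));
    } catch (err) {
      if ((err as Error).name !== "PathEscapeError") throw err;
      rejected.push(projectPath);
    }
  }
  return { accepted, rejected };
}

// Constructed sample requests: two well-formed project paths, two that try to
// climb out of the root with "..", and one absolute path.
export const SAMPLE_REQUESTS = ["my-project", "team/app", "../../etc", "my-project/../../secrets", "/etc"];

console.log(screenProjectPaths(SAMPLE_REQUESTS));
```

Two points a practitioner would add on top of this check: if the workspace may contain symbolic links, resolve the candidate with fs.realpath before comparing it against the root, since a link inside the root can still point outside it; and the narrower design is to accept a project name (validated as a single path component) rather than a path at all, so the server, not the client, decides where the project lives.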

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 4

News mentions: 0 (no linked articles in our index yet)