CVE-2026-61462
zereight · mcp-gitlab
The zereight mcp-gitlab package is susceptible to a path traversal vulnerability in the job_id parameter, enabling attackers to access arbitrary files on the system.
Executive summary
A path traversal vulnerability in zereight mcp-gitlab allows unauthenticated attackers to read sensitive files from the host system, posing a critical risk to system confidentiality.
Vulnerability
This is a path traversal vulnerability (CWE-73) within the job_id parameter of the build/index function. It allows unauthenticated remote attackers to bypass directory restrictions and access files outside of the intended directory.
Business impact
The CVSS score of 8.6 highlights the severity of this flaw, as it permits unauthorized file disclosure. Successful exploitation could allow an attacker to read sensitive configuration files, environment variables, or other private data stored on the filesystem, potentially leading to a full system compromise.
Remediation
Immediate Action: Update the mcp-gitlab package to version 2.1.18 or later, which includes the necessary fix for the path traversal issue.
Proactive Monitoring: Inspect server logs for requests containing path traversal sequences (e.g., ../) targeting the build/index endpoint.
Compensating Controls: Configure file system permissions to follow the principle of least privilege, ensuring the application process cannot access sensitive files outside of its working directory.
Exploitation status
Public Exploit Available: No
Analyst recommendation
This path traversal vulnerability is a significant security concern due to its potential for unauthorized file access without authentication. Users of mcp-gitlab should treat the update to version 2.1.18 as a high-priority task to ensure the integrity and confidentiality of their infrastructure.