CVE-2026-9467

Summary

A vulnerability was identified in debugmcp mcp-debugger up to 0.20.0. Impacted is the function handleGetSourceContext of the file src/server.ts. The manipulation leads to path traversal. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
debugmcpmcp-debugger0.1affected
debugmcpmcp-debugger0.2affected
debugmcpmcp-debugger0.3affected
debugmcpmcp-debugger0.4affected
debugmcpmcp-debugger0.5affected
debugmcpmcp-debugger0.6affected
debugmcpmcp-debugger0.7affected
debugmcpmcp-debugger0.8affected
debugmcpmcp-debugger0.9affected
debugmcpmcp-debugger0.10affected
debugmcpmcp-debugger0.11affected
debugmcpmcp-debugger0.12affected
debugmcpmcp-debugger0.13affected
debugmcpmcp-debugger0.14affected
debugmcpmcp-debugger0.15affected
debugmcpmcp-debugger0.16affected
debugmcpmcp-debugger0.17affected
debugmcpmcp-debugger0.18affected
debugmcpmcp-debugger0.19affected
debugmcpmcp-debugger0.20.0affected

Weaknesses

  • CWE-22: Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References