geldata gel-mcp server.py fetch_rule path traversal_CVE-2026-7403

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function list_rules/fetch_rule of the file src/gel_mcp/server.py. The manipulation of the argument rule_name results in path traversal. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-7403

Source VulDB

Published Apr 29, 2026 at 20:00

Affected Product

Vendor geldata

Product gel-mcp

Version 0.1.0

Affected Versions geldata gel-mcp 0.1.0

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function list_rules/fetch_rule of the file src/gel_mcp/server.py. The manipulation of the argument rule_name results in path traversal. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-04-29T20:00:18.350Z",
    "modified": "2026-04-29T20:00:18.350Z",
    "type": "cve",
    "title": "geldata gel-mcp server.py fetch_rule path traversal",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360139\nhttps://vuldb.com/vuln/360139/cti\nhttps://vuldb.com/submit/803530\nhttps://github.com/geldata/gel-mcp/issues/11\nhttps://github.com/geldata/gel-mcp/",
    "id": "CVE-2026-7403",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "geldata gel-mcp 0.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "gel-mcp",
    "version": "0.1.0",
    "vendor": "geldata",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}