Loading
Generated remediation guidance and an executive summary. No account required.
Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool used GitPython's repo.index.add() rather than the Git CLI, relative paths containing `../` sequences that resolve outside the repository were accepted and staged into the Git index. Users are advised to upgrade to 2026.1.14 or newer to remediate this issue.
Cite this page
CVE-2026-27735. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2026-27735
Use CWE-22, Lfprojects vendor hub and Model Context Protocol Servers product page to widen CVE-2026-27735 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-68143, CVE-2025-68145 and CVE-2025-68144 for nearby disclosures in the same product family.