CNNVD-202601-1195 Information

CNNVD ID

CNNVD-202601-1195

Related CVE

CVE-2025-67366

• CNNVD Published: 2026-01-07

Description (Chinese)

Filesystem MCP是Sylphx开源的一个MCP文件系统服务器。 Filesystem MCP 0.5.8版本存在安全漏洞，该漏洞源于路径验证机制中符号链接处理不当，可能导致绕过目录限制，访问未授权文件。

Description (English)

Filesystem MCP is an MCP filesystem server from Sylphx open source. Version 0.5.8 of Filesystem MCP contains a security loophole, which stems from the inappropriate handling of the symbol link in the path validation mechanism and may lead to circumventing directory limitations and access to unauthorized documents.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Sylphx

Published

2026-01-07

Last Modified

2026-02-24

References

https://github.com/sylphxltd/filesystem-mcp https://github.com/sylphxltd/filesystem-mcp/issues/134 https://access.redhat.com/security/cve/cve-2025-67366

Patch

https://github.com/SylphxAI/filesystem-mcp/releases