CVE-2026-27735
- EPSS 0.04%
- Veröffentlicht 25.02.2026 23:45:52
- Zuletzt bearbeitet 14.04.2026 00:44:04
Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were wit...
CVE-2025-68145
- EPSS 0.12%
- Veröffentlicht 17.12.2025 22:12:45
- Zuletzt bearbeitet 14.04.2026 15:13:35
In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within tha...
CVE-2025-68144
- EPSS 0.01%
- Veröffentlicht 17.12.2025 22:10:56
- Zuletzt bearbeitet 14.04.2026 15:23:26
In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., `--output=/path/to/file` for `git_diff`) would be inte...
CVE-2025-68143
- EPSS 0.04%
- Veröffentlicht 17.12.2025 22:09:43
- Zuletzt bearbeitet 14.04.2026 15:30:51
Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and created Git repositories withou...