# Vulnerability Summary

- **Vulnerability ID**: #802911
- **Vulnerability Title**: WilliamCloudQi matlab-mcp-server Commit a88f6b59bf5f36f725e8628029f7f6dd0d9913ca Path Traversal
- **Vulnerability Type**: Arbitrary File Write (CWE-22)
- **Status**: Confirmed
- **Reported Date**: 2025-04-11
- **Confirmed Date**: 2025-04-28

## Overview

An arbitrary file write vulnerability was discovered in `src/index.ts` of `matlab-mcp-server`. The vulnerability exists in the `generate_matlab_code` and `execute_matlab_code` MCP tools, which accept a user-supplied `scriptPath` parameter and use it directly as the file system write target without enforcing a secure base directory, rejecting absolute paths, or restricting parent directory traversal.

An attacker with network access to the MCP interface can write controlled content to any file system path writable by the server process, potentially leading to integrity compromise, data corruption, or further exploitation.

## Affected Components

- **Affected Component**: `matlab-mcp-server`
- **Affected File**: `src/index.ts`
- **Affected Tools**: `generate_matlab_code`, `execute_matlab_code`

## Remediation

No patched version is currently available. It is recommended to handle the user-supplied `scriptPath` parameter with caution, ensuring it does not contain path traversal sequences and restricting the write directory.

## Proof of Concept (POC)

```
generate_matlab_code;execute_matlab_code scriptPath path traversal
```
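The remediation above (reject absolute paths and parent-directory segments, and confine writes to a fixed base directory) can be expressed as a single guard that an MCP tool handler calls before touching the file system. The following is an added example written for this advisory; it is not code from `matlab-mcp-server`, and the function names `resolveScriptPath`, `isSafeScriptPath`, the base directory `DEMO_BASE` and the `.m` extension rule are assumptions for illustration.

```typescript
// Added example, not the project's code. Guards a user-supplied scriptPath
// before it is used as a write target. All names here are assumptions.
import * as path from "path";

// Assumed base directory that generated scripts must stay inside.
const DEMO_BASE = "/srv/matlab/scripts";

class PathTraversalError extends Error {}

// Resolve `scriptPath` strictly inside `baseDir` and return the absolute
// path to write to. Throws PathTraversalError for anything that is absolute,
// contains a `..` segment, is not a .m file, or escapes baseDir once resolved.
function resolveScriptPath(baseDir: string, scriptPath: string): string {
  if (typeof scriptPath !== "string" || scriptPath.length === 0) {
    throw new PathTraversalError("scriptPath must be a non-empty string");
  }
  // A NUL byte can truncate the path at the OS layer; never pass it through.
  if (scriptPath.includes("\0")) {
    throw new PathTraversalError("scriptPath contains a NUL byte");
  }
  // Reject absolute paths in both POSIX and Windows forms, whatever the host OS.
  if (path.isAbsolute(scriptPath) || path.win32.isAbsolute(scriptPath)) {
    throw new PathTraversalError("absolute scriptPath is not allowed");
  }
  // Reject any parent-directory segment, split on either separator so a
  // backslash-based traversal is caught on POSIX hosts as well.
  const segments = scriptPath.split(/[\\/]+/);
  if (segments.some((s) => s === "..")) {
    throw new PathTraversalError("parent-directory traversal is not allowed");
  }
  // Only MATLAB scripts belong in the scripts directory.
  if (path.extname(scriptPath) !== ".m") {
    throw new PathTraversalError("scriptPath must end in .m");
  }
  const root = path.resolve(baseDir);
  const target = path.resolve(root, scriptPath);
  // Defence in depth: confirm the fully resolved target is still under root.
  const rel = path.relative(root, target);
  if (rel === "" || rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new PathTraversalError("scriptPath escapes the base directory");
  }
  return target;
}

// Boolean convenience wrapper for callers that only need accept/reject.
function isSafeScriptPath(baseDir: string, scriptPath: string): boolean {
  try {
    resolveScriptPath(baseDir, scriptPath);
    return true;
  } catch (e) {
    if (e instanceof PathTraversalError) return false;
    throw e;
  }
}

// Constructed sample inputs of the shape an MCP tool might receive.
const samples = [
  "analysis.m",
  "jobs/run1.m",
  "../../tmp/evil.m",
  "/etc/passwd",
  "C:\\Windows\\evil.m",
  "ok/../escape.m",
  "notes.txt",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", isSafeScriptPath(DEMO_BASE, s) ? "accept" : "reject");
}
```

The two checks are deliberately redundant: the segment scan rejects `..` before any path arithmetic happens, and the `path.relative` check catches anything that still resolves outside the root. A handler would call `resolveScriptPath` and write only to the returned value, never to the raw `scriptPath`.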