CVE-2026-7272: WilliamCloudQi matlab-mcp-server Path Traversal Vulnerability

The National Vulnerability Database has disclosed CVE-2026-7272, a high-severity path traversal vulnerability (CVSS 7.3) affecting WilliamCloudQi’s matlab-mcp-server, specifically versions up to commit ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The flaw resides within the generate_matlab_code/execute_matlab_code functions in src/index.ts, part of the MCP Interface component.

Attackers can remotely exploit this by manipulating the scriptPath argument, potentially gaining unauthorized access to arbitrary files or directories outside the intended scope. This isn’t theoretical; an exploit has been publicly released, meaning the window for proactive defense is rapidly closing.
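The containment check that a path traversal on an argument such as scriptPath calls for, shown as an added TypeScript example. It is not code from matlab-mcp-server; the names validateScriptPath, safeScriptPath and SCRIPT_ROOT and the directory /srv/matlab-scripts are assumptions.

```typescript
import * as path from "path";

// Hypothetical directory the server is allowed to read and write scripts in.
const SCRIPT_ROOT = "/srv/matlab-scripts";

interface Verdict { ok: boolean; path: string | null; reason: string }

function refuse(reason: string): Verdict {
  return { ok: false, path: null, reason: reason };
}

// Lexical containment check for a caller-supplied scriptPath. It does not
// follow symlinks; compare fs.realpathSync() output as well when the script
// root may contain links.
function validateScriptPath(scriptPath: unknown, root: string = SCRIPT_ROOT): Verdict {
  if (typeof scriptPath !== "string" || scriptPath.length === 0) {
    return refuse("scriptPath must be a non-empty string");
  }
  // NUL bytes are never valid in a file name; backslashes are separators on
  // Windows and are not needed in a script name.
  if (scriptPath.indexOf("\0") !== -1 || scriptPath.indexOf("\\") !== -1) {
    return refuse("forbidden character in scriptPath");
  }
  if (path.isAbsolute(scriptPath)) {
    return refuse("scriptPath must be relative to the script root");
  }
  const rootAbs = path.resolve(root);
  const candidate = path.resolve(rootAbs, scriptPath); // collapses "." and ".."
  const rel = path.relative(rootAbs, candidate);
  const escapes = rel === ".." || rel.indexOf(".." + path.sep) === 0 || path.isAbsolute(rel);
  if (rel === "" || escapes) {
    return refuse("scriptPath resolves outside the script root");
  }
  if (path.extname(candidate).toLowerCase() !== ".m") {
    return refuse("only .m files are accepted");
  }
  return { ok: true, path: candidate, reason: "" };
}

// Convenience wrapper: the resolved path, or null when the argument is refused.
function safeScriptPath(scriptPath: unknown): string | null {
  return validateScriptPath(scriptPath).path;
}

// Constructed sample inputs, not taken from any published exploit.
const samples: unknown[] = ["analysis/fit_model.m", "plots/../run.m", "../../etc/passwd", "/etc/passwd", "notes.txt"];
for (const s of samples) console.log(JSON.stringify(s), "->", safeScriptPath(s));
```

The expected paths assume a POSIX host; on Windows `path.resolve` returns drive-qualified paths for the same inputs.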

While the project maintainers were reportedly informed early via an issue report, the National Vulnerability Database indicates no response has been received. This lack of communication or patch means any organization utilizing this server is exposed. Defenders need to recognize the immediate threat from published exploits and the inherent risk of unpatched software.

What This Means For You

  • If your organization uses WilliamCloudQi matlab-mcp-server, you are directly exposed to a high-severity, remotely exploitable path traversal vulnerability (CVE-2026-7272) with a public exploit. Immediately assess your environment for this specific component. Without a patch, the only viable mitigation is to restrict network access or disable the affected functionality until a fix is available. Attackers are already leveraging public exploits, so assume active targeting.

Indicators of Compromise

ID | Type | Indicator
CVE-2026-7272 | Path Traversal | WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca
CVE-2026-7272 | Path Traversal | Vulnerable function: generate_matlab_code/execute_matlab_code in src/index.ts
CVE-2026-7272 | Path Traversal | Vulnerable component: MCP Interface
CVE-2026-7272 | Path Traversal | Manipulation of argument: scriptPath

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 28, 2026 at 17:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
