PYSEC-2026-1621

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/mcp-server-git/PYSEC-2026-1621.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1621
Aliases
Published
2026-07-07T16:03:13.168871Z
Modified
2026-07-07T17:47:03.417893940Z
Severity
  • 6.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H CVSS Calculator
Summary
mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations
Details

In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other tools which required an existing repository, gitinit could operate on any directory accessible to the server process, making those directories eligible for subsequent git operations. The tool was removed entirely, as the server is intended to operate on existing repositories only. Users are advised to upgrade to 2025.9.25 or newer to remediate this issue.

Thank you to https://hackerone.com/yardenporat for disclosure, @0dd for contributing the fix.

References

Affected packages

PyPI / mcp-server-git

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2025.9.25

Affected versions

0.*
0.2.0
0.3.0
0.4.0
0.4.1
0.5.0
0.5.1
0.6.0
0.6.1
0.6.2
2025.*
2025.1.14
2025.7.1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/mcp-server-git/PYSEC-2026-1621.yaml"