REPRO-2026-00076 MEDIUM Path Traversal Verified

MCP Server Git: Path Traversal via Missing Repository Path Validation

mcp-server-git (pip) Jan 21, 2026

Open in Codespaces Download Script

Confidence HIGH

Reproduced in 11m 29s

Tool calls 155

Affected < 2025.12.18

Fixed in 2025.12.18

What's the vulnerability?

In mcp-server-git versions prior to 2025.12.18, when started with --repository flag, it did not validate that repo_path arguments were within the configured path. This allows tool calls to operate on other repositories via direct paths, path traversal, or symlinks.

Root Cause Analysis

One Command

Verify with pruva-verify

Run the Pruva CLI to automatically fetch and execute the reproduction script.

pruva-verify REPRO-2026-00076

or pruva-verify GHSA-j22h-9j4x-23w5

or pruva-verify CVE-2025-68145

Install: curl -fsSL https://pruva.dev/install.sh | sh

Or Run Manually

1

Download the script

curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00076/artifacts/reproduction_steps.sh

2

Make executable

chmod +x reproduction_steps.sh

3

Run the script

./reproduction_steps.sh

Run in a VM, container, or disposable environment. This exploits a real vulnerability.

How Pruva Reproduced This

Watch the AI agent's step-by-step process.

Loading session...

Artifacts

reproduction_steps.sh3.7 KB

rca_report.md2.4 KB

ticket.md1.2 KB

vuln_outside_repo.log0.1 KB

vuln_traversal_repo.log0.1 KB

vuln_symlink_repo.log0.1 KB

fixed_outside_repo.log0.3 KB

fixed_symlink_repo.log0.3 KB