Model Context Protocol Servers mcp-server-git Path Traversal Vulnerability in git_add Tool
Vulnerability
A path traversal vulnerability has been identified in the 'mcp-server-git' component of Model Context Protocol Servers, affecting versions prior to 2026.1.14. The 'git_add' tool did not validate that the file paths it received stayed within the repository's working tree. Instead of invoking the Git command-line interface, the tool passed the paths to GitPython's 'repo.index.add()' method, which does not enforce working-tree boundary checks for relative paths. As a result, paths containing '../' sequences that resolved outside the repository were accepted and staged into the Git index. A subsequent commit and push could then carry the contents of files outside the repository (for example, credentials or configuration on the host running the MCP server) to a remote.
Impact
Exploitation of this vulnerability allows for path traversal, enabling files outside the repository boundaries to be staged in the Git index. This could lead to sensitive files being committed and pushed to a remote repository.
Remediation
Users are advised to upgrade to version 2026.1.14 or newer. The fix changes the tool to stage files through the Git command-line interface, which rejects out-of-tree paths itself (for a path that escapes the working tree, 'git add' aborts with "fatal: ... is outside repository at ..."). After upgrading, a quick check is to call 'git_add' with a '../' path and confirm the operation fails rather than staging the file; 'git status' in the repository should show nothing staged from outside the tree.
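The following is an added example that illustrates the mechanism described under Vulnerability and the direction of the fix described under Remediation. It is not code from mcp-server-git, and the helper names (resolve_in_worktree, is_within_worktree, git_add_hardened) and the subprocess-based 'git add' call are assumptions chosen for illustration; the upstream project's actual implementation is not reproduced here. The 'git_add_vulnerable' function only mirrors the GitPython call the advisory describes and is included for contrast.

```python
"""Added example: working-tree boundary check for a git_add-style tool.
Not the mcp-server-git implementation; helper names are hypothetical."""
import os
import shutil
import subprocess
import tempfile


def resolve_in_worktree(repo_path: str, user_path: str) -> str:
    """Resolve user_path against the repository root and return it as an
    absolute path, or raise ValueError if it lands outside the working tree.

    Hypothetical hardened helper. The check is deliberately stricter than
    git's own: realpath follows symlinks, so a link inside the tree that
    points outside is rejected as well.
    """
    root = os.path.realpath(repo_path)
    # os.path.join discards root when user_path is absolute, so '/etc/passwd'
    # ends up handled the same way as '../../etc/passwd'.
    target = os.path.realpath(os.path.join(root, user_path))
    # commonpath compares whole path components, so '/srv/repo2' is not
    # mistaken for a child of '/srv/repo' the way a str.startswith test would.
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"{user_path!r} resolves outside repository at {root}")
    return target


def is_within_worktree(repo_path: str, user_path: str) -> bool:
    """Boolean convenience wrapper around resolve_in_worktree."""
    try:
        resolve_in_worktree(repo_path, user_path)
        return True
    except ValueError:
        return False


def git_add_vulnerable(repo, files):
    """The pattern the advisory describes: GitPython's index.add() accepts
    '../' paths that resolve outside the working tree. Contrast only."""
    repo.index.add(files)


def git_add_hardened(repo_path: str, files):
    """Validate every path first, then hand the resolved paths to the git CLI,
    which independently refuses anything outside the repository."""
    checked = [resolve_in_worktree(repo_path, f) for f in files]
    subprocess.run(["git", "-C", repo_path, "add", "--", *checked],
                   check=True, capture_output=True, text=True)
    return checked


if __name__ == "__main__":
    # Constructed scenario: a throwaway repo with a secret file one level up.
    work = tempfile.mkdtemp()
    repo = os.path.join(work, "repo")
    os.makedirs(os.path.join(repo, "src"))
    with open(os.path.join(repo, "src", "main.py"), "w") as f:
        f.write("print('hello')\n")
    with open(os.path.join(work, "secret.txt"), "w") as f:
        f.write("token=hunter2\n")  # constructed sample secret

    for candidate in ["src/main.py", "../secret.txt",
                      "/etc/passwd", "src/../../secret.txt"]:
        verdict = "ok" if is_within_worktree(repo, candidate) else "REJECTED"
        print(f"{candidate:25} -> {verdict}")

    if shutil.which("git"):
        subprocess.run(["git", "init", "-q", repo], check=True)
        git_add_hardened(repo, ["src/main.py"])
        try:
            git_add_hardened(repo, ["../secret.txt"])
        except ValueError as exc:
            print("hardened add refused:", exc)
        # Even with the Python check bypassed, the git CLI refuses the path.
        r = subprocess.run(["git", "-C", repo, "add", "--", "../secret.txt"],
                           capture_output=True, text=True)
        print("git add ../secret.txt ->", r.stderr.strip())
    shutil.rmtree(work)
```

The two layers are intentional: the Python check gives the tool a clear error to return to the caller before anything touches the index, and routing the actual staging through the git CLI means a bug in the check does not by itself reintroduce the advisory's condition, since git applies its own out-of-tree rejection on every pathspec.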