excel-mcp-server Path Traversal Vulnerability Allowing Arbitrary File Access and Modification
Vulnerability
A path traversal vulnerability has been identified in excel-mcp-server versions through 0.1.7. It allows an unauthenticated attacker to read, write, and overwrite arbitrary files on the host filesystem. The issue is reachable when the server runs in SSE or Streamable-HTTP transport mode, the default for remote use. The flaw lies in the get_excel_path() function, which fails to properly validate filepath arguments, so the intended restriction of file operations to a designated directory can be bypassed. The server's default settings make exploitation easier by exposing the service on all network interfaces without authentication.
Impact
Successful exploitation allows for unrestricted file access and manipulation on the host system. Attackers can read sensitive files, such as those containing personal or financial information, write or overwrite Excel files anywhere on the filesystem, create arbitrary directory structures, and potentially disrupt services by filling up disk space. Additionally, there is a risk of client-side remote code execution by planting malicious macro-enabled templates in shared directories.
Reproduction
The vulnerability can be reproduced by installing the affected version of excel-mcp-server and starting the server with the default settings, which bind the service to all network interfaces. Once the server is running, an unauthenticated attacker can send requests to the exposed MCP tool handlers with crafted filepath arguments that exploit the path traversal flaw. This can be done manually or with an automated script that tests the vulnerability by accessing and manipulating files outside the intended sandbox directory.
Remediation
Users can upgrade to excel-mcp-server version 0.1.8, which addresses the path traversal vulnerability by implementing proper filepath validation in the get_excel_path() function.
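For illustration, the following is an added example (not the project's code) of the kind of containment check get_excel_path() lacked: the requested name is joined to a sandbox directory, fully resolved, and rejected unless the result still lies inside that directory. The function names, the sandbox directory and the sample inputs are assumptions.

```python
import os
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a requested file path would escape the configured sandbox."""


def safe_excel_path(excel_files_dir: str, filepath: str) -> str:
    """Return the absolute path for `filepath` inside `excel_files_dir`.

    Hypothetical hardened stand-in (example code, not the project's own) for
    the validation the advisory says get_excel_path() lacked. The check runs
    on the fully resolved path, so '..' segments, absolute inputs and symlinks
    pointing outside the sandbox are all rejected.
    """
    if not filepath or "\x00" in filepath:
        raise PathTraversalError("empty or NUL-containing filepath")
    # Treat backslashes as separators on every platform so a Windows-style
    # '..\\..\\' sequence is not accepted on Linux as a plain filename.
    candidate = Path(filepath.replace("\\", "/"))
    if candidate.is_absolute():
        raise PathTraversalError(f"absolute path not allowed: {filepath}")
    base = Path(excel_files_dir).resolve()
    # strict=False: the target may not exist yet (a workbook about to be
    # created), but existing symlink components are still followed.
    resolved = (base / candidate).resolve()
    # Containment test on resolved paths, never on the raw string.
    if resolved == base or os.path.commonpath([str(base), str(resolved)]) != str(base):
        raise PathTraversalError(f"path escapes sandbox: {filepath}")
    return str(resolved)


def is_allowed(excel_files_dir: str, filepath: str) -> bool:
    """True if safe_excel_path() accepts `filepath`, False if it rejects it."""
    try:
        safe_excel_path(excel_files_dir, filepath)
        return True
    except PathTraversalError:
        return False


def make_sandbox() -> str:
    """Create an empty temporary sandbox directory for the demonstration."""
    return tempfile.mkdtemp(prefix="excel_mcp_sandbox_")


if __name__ == "__main__":
    sandbox = make_sandbox()
    # Constructed sample inputs: the first two are legitimate, the rest escape.
    for name in ["q1.xlsx", "reports/../q2.xlsx", "../../etc/passwd",
                 "/etc/passwd", "..\\..\\secrets.xlsx"]:
        print(f"{name!r:30} -> {'allowed' if is_allowed(sandbox, name) else 'REJECTED'}")
```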
