WilliamCloudQi matlab-mcp-server Path Traversal Vulnerability in MCP Interface

Vulnerability

A path traversal vulnerability allowing arbitrary file writes has been identified in WilliamCloudQi's matlab-mcp-server, specifically in the MCP Interface component within the file src/index.ts. This vulnerability affects the generate_matlab_code and execute_matlab_code functions, which improperly handle the scriptPath argument. The lack of validation allows remote attackers to write files to arbitrary locations on the server's filesystem, potentially leading to unauthorized data manipulation or system compromise. This issue is present in the commit ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca, with no fixed version available at the time of reporting.

Impact

Exploitation of this vulnerability allows for arbitrary file writes to locations accessible by the server process. This could result in overwriting critical application files, corrupting configuration settings, or introducing malicious scripts that could be executed in a harmful context.

Reproduction

To reproduce this vulnerability, deploy the vulnerable version of matlab-mcp-server and start the server. Then use the MCP Inspector tool to call the generate_matlab_code function with a crafted scriptPath argument containing directory traversal sequences. After the request is processed, check the specified file path to confirm that the payload was written there.

Remediation

It is recommended to update the scriptPath handling to include proper validation and restrictions, ensuring that only safe, allowlisted paths are used for file writes. Additionally, consider removing the script-saving feature when the MCP server is accessible to untrusted users.
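The following is an added example of the allowlisting approach recommended above; it is not code from the matlab-mcp-server project. It confines a caller-supplied scriptPath to a single script directory (the root path and the .m extension requirement are assumptions) and returns a rejection reason instead of a path whenever the argument would escape that directory.

```typescript
// Added example (not the project's code): confine a user-supplied scriptPath
// to an allowlisted directory before any file write, as the remediation suggests.
import * as path from "path";

// Hypothetical base directory for saved scripts; adjust for the deployment.
export const DEFAULT_SCRIPT_ROOT = "/srv/matlab-scripts";

/** Either a safe absolute path to write to, or the reason the input was rejected. */
export type PathCheck =
  | { ok: true; resolved: string }
  | { ok: false; reason: string };

export function safeScriptPath(candidate: string, root: string = DEFAULT_SCRIPT_ROOT): PathCheck {
  if (typeof candidate !== "string" || candidate.length === 0) {
    return { ok: false, reason: "scriptPath must be a non-empty string" };
  }
  // An embedded NUL byte can truncate the path at the OS boundary.
  if (candidate.includes("\0")) {
    return { ok: false, reason: "scriptPath contains a NUL byte" };
  }
  // Only paths relative to the root are accepted; absolute paths (POSIX or
  // Windows drive-letter form) would bypass the root entirely.
  if (path.isAbsolute(candidate) || /^[A-Za-z]:/.test(candidate)) {
    return { ok: false, reason: "scriptPath must be relative to the script directory" };
  }
  // Only MATLAB source files may be written (assumed policy).
  if (path.extname(candidate).toLowerCase() !== ".m") {
    return { ok: false, reason: "scriptPath must end in .m" };
  }
  const rootAbs = path.resolve(root);
  // path.resolve normalises "." and ".." segments, so a traversal that escapes
  // the root shows up as a prefix mismatch. Comparing against root + separator
  // (not just root) prevents "/srv/matlab-scripts-old" from passing the check.
  const resolved = path.resolve(rootAbs, candidate);
  if (resolved !== rootAbs && !resolved.startsWith(rootAbs + path.sep)) {
    return { ok: false, reason: "scriptPath escapes the script directory" };
  }
  return { ok: true, resolved };
}
```

This is a lexical check; if the script directory may contain symbolic links, also resolve the target's parent with fs.realpathSync before writing and repeat the prefix comparison on the result.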

Added: Apr 28, 2026, 2:27 PM
Updated: Apr 28, 2026, 2:27 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 8.7
remediation: 0.0
relevance: 6.6
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.