fix(security): CWE-22 path traversal in MCP server #211

Merged
ruvnet merged 1 commit into main from fix/cwe-22-path-traversal-207
Feb 25, 2026

Conversation

ruvnet (Owner) commented Feb 25, 2026

Summary

  • Fixes critical CWE-22 path traversal vulnerability in MCP server's vector_db_backup, vector_db_create, and all db path handling
  • Adds validate_path() that canonicalizes user paths and enforces confinement within configured data_dir
  • Configurable via mcp.data_dir in config or RUVECTOR_MCP_DATA_DIR env var (defaults to cwd)
  • All 3 POC attack vectors from the report are now blocked with clear error messages

Changes

crates/ruvector-cli/src/mcp/handlers.rs:

  • Added validate_path() method that resolves, canonicalizes, and confines paths
  • Applied validation to tool_backup() (both db_path and backup_path)
  • Applied validation to tool_create_db() (params.path)
  • Applied validation to get_or_open_db() (used by tool_insert, tool_search, tool_stats)
  • Added 8 unit tests covering traversal, absolute paths, subdirs, new files

crates/ruvector-cli/src/config.rs:

  • Added data_dir field to McpConfig (configurable path confinement boundary)
  • Added RUVECTOR_MCP_DATA_DIR env var override

Test plan

  • 8 unit tests pass (traversal, absolute, subdirs, new files, /etc/passwd, /etc/shadow, /etc/hosts, ~/.ssh)
  • All 49 existing tests pass
  • cargo publish --dry-run succeeds
  • Published ruvector-cli v2.0.4 to crates.io with the fix

Closes #207

🤖 Generated with claude-flow

Add path validation to all MCP tools that accept user-supplied file paths,
preventing arbitrary file read/write via directory traversal.

Vulnerable functions patched:
- tool_backup: db_path and backup_path now validated
- tool_create_db: params.path now validated
- get_or_open_db: path now validated

Implementation:
- validate_path() canonicalizes paths and checks they resolve within
  the configured data_dir (defaults to cwd)
- Configurable via mcp.data_dir in config or RUVECTOR_MCP_DATA_DIR env
- Rejects absolute paths outside data_dir, ../traversal, and symlink escapes
- 8 unit tests covering all POC attack vectors from the report

CVSS 3.1: 9.1 (Critical) → Mitigated
Closes #207

Co-Authored-By: claude-flow <ruv@ruv.net>
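
An added example, not code from this pull request or from ruvector-cli: a minimal Rust sketch of the canonicalize-and-confine check the description outlines, covering `../` traversal, absolute paths, symlink escapes and files that do not exist yet. The `validate_path` signature, the error messages and the sandbox paths are assumptions made for illustration.

```rust
use std::fs;
use std::io;
use std::path::{Component, Path, PathBuf};

/// Hypothetical confinement check (assumed name and signature; not the ruvector-cli code).
pub fn validate_path(data_dir: &Path, user_path: &str) -> io::Result<PathBuf> {
    let deny = |why: &str| io::Error::new(io::ErrorKind::PermissionDenied, why.to_string());
    let root = fs::canonicalize(data_dir)?;
    // Path::join discards the base when user_path is absolute, so absolute
    // inputs go through the same containment test as relative ones.
    let candidate = root.join(user_path);
    let resolved = match fs::canonicalize(&candidate) {
        Ok(p) => p, // existing target: ".." and symlinks are fully resolved
        Err(e) if e.kind() == io::ErrorKind::NotFound => {
            // A dangling symlink "does not exist" but would redirect a later create.
            if fs::symlink_metadata(&candidate).is_ok() {
                return Err(deny("dangling symlink"));
            }
            // New file: canonicalize the parent, then re-attach the final name.
            let name = match candidate.components().next_back() {
                Some(Component::Normal(n)) => n.to_owned(),
                _ => return Err(deny("path must end in a file name")),
            };
            let parent = candidate.parent().ok_or_else(|| deny("no parent directory"))?;
            fs::canonicalize(parent)?.join(name)
        }
        Err(e) => return Err(e),
    };
    // Path::starts_with compares whole components, so "/data-evil" is not inside "/data".
    if resolved.starts_with(&root) {
        Ok(resolved)
    } else {
        Err(deny("path escapes data_dir"))
    }
}

fn main() -> io::Result<()> {
    // Constructed sandbox under the OS temp dir, standing in for the configured data_dir.
    let root = std::env::temp_dir().join(format!("mcp-data-{}", std::process::id()));
    fs::create_dir_all(root.join("dbs"))?;
    for p in ["dbs/new.db", "../outside.db", "dbs/../../x.db", "/etc/passwd"] {
        println!("{:<16} -> {:?}", p, validate_path(&root, p).map_err(|e| e.to_string()));
    }
    fs::remove_dir_all(&root)
}
```

The returned path is only valid for the moment it was computed: a component replaced by a symlink between this check and the later open is not caught by it.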

Development

Successfully merging this pull request may close these issues.

[SECURITY] CWE-22: Path Traversal in MCP Server (vector_db_backup) - Arbitrary File Read/Write
