Homepage

@modelcontextprotocol/server-filesystem@2025.3.28 vulnerabilities

MCP server for filesystem access

  • latest version

    2025.7.1

  • latest non vulnerable version

    2025.7.1

  • first published

    7 months ago

  • latest version published

    16 days ago

  • licenses detected

  • View server-filesystem package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the @modelcontextprotocol/server-filesystem package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Directory Traversal

    @modelcontextprotocol/server-filesystem is a MCP server for filesystem access

    Affected versions of this package are vulnerable to Directory Traversal in the path validation process. An attacker can access unintended files by supplying a path with a colliding prefix that matches an allowed directory.

    How to fix Directory Traversal?

    Upgrade @modelcontextprotocol/server-filesystem to version 2025.7.1 or higher.

    <2025.7.1
    • H
    Symlink Attack

    @modelcontextprotocol/server-filesystem is a MCP server for filesystem access

    Affected versions of this package are vulnerable to Symlink Attack via improper validation of file paths and handling of symbolic links. An attacker can gain unauthorized access to files outside the intended directory by crafting symlinks within permitted directories.

    How to fix Symlink Attack?

    Upgrade @modelcontextprotocol/server-filesystem to version 2025.7.1 or higher.

    <2025.7.1
    Go back to all versions of this package