CVE-2026-7237 | AgiFlow scaffold-mcp up to 1.0.27 write-to-file Tool index.ts file_path path traversal (Issue 88)
A vulnerability, which was classified as critical, was found in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument file_path results in path traversal.
This vulnerability is cataloged as CVE-2026-7237. The attack may be launched remotely. Furthermore, there is an exploit available.
You should upgrade the affected component.