CVE-2026-27735: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in modelcontextprotocol servers
Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool used GitPython's repo.index.add() rather than the Git CLI, relative paths containing `../` sequences that resolve outside the repository were accepted and staged into the Git index. Users are advised to upgrade to 2026.1.14 or newer to remediate this issue.
AI Analysis
Technical Summary
CVE-2026-27735 is a path traversal weakness (CWE-22) in mcp-server-git, one of the reference servers in the modelcontextprotocol servers collection, affecting versions prior to 2026.1.14. The git_add tool passed the paths in its files argument to GitPython's repo.index.add() without first checking that each one resolves inside the repository's working tree. The Git command line refuses a pathspec that resolves outside the repository; GitPython's index API makes no such check, so a relative path containing `../` components was accepted and the file it pointed to was staged: its contents were written into the repository's object store and an entry for it was added to the index. Staging does not change the target file itself. The exposure is that a file from anywhere the server process can read, such as a credential or key file in the user's home directory, becomes part of the repository's pending changes and goes into the next commit, and into any push of that commit, unless someone notices. The CVSS 4.0 base score assigned to this entry is 6.4 (medium), with a vector of network attack vector, low attack complexity, no privileges required and user interaction required. That vector should be read with the deployment model in mind: mcp-server-git is typically launched locally by an MCP client and driven by a language model, so the realistic attacker is whoever can influence the model into calling git_add with crafted paths, for example through prompt injection in a file or web page the model is asked to read. No exploitation in the wild had been reported at the time of writing. Version 2026.1.14 adds validation that rejects paths resolving outside the repository before anything is staged.
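The containment check that the fix needs, written here as an added example rather than taken from mcp-server-git (the function names, the temporary file layout and the sample inputs in demo() are this example's own, not the project's):

```python
"""Repository-boundary check for a git_add-style MCP tool.

This is an added example, not code from mcp-server-git. The advisory
describes the vulnerable pattern as taking the tool's `files` argument and
passing it straight to GitPython's repo.index.add(), which, unlike `git add`,
does not refuse paths that resolve outside the working tree. The functions
below show the containment check a hardened tool would run first. Function
names and the sample file layout in demo() are this example's own.
"""
import os
import tempfile
from pathlib import Path


def resolve_in_repo(repo_root: str, user_path: str) -> str:
    """Return user_path normalised relative to repo_root, or raise ValueError.

    Both sides go through os.path.realpath so that '..' components and
    symlinks are collapsed before the containment test. A string-prefix test
    on the unresolved path is not enough: 'repo/../repo-evil/x' starts with
    'repo' but is outside it, and a symlink inside the tree can point anywhere.
    """
    root = Path(os.path.realpath(repo_root))
    candidate = Path(os.path.realpath(os.path.join(root, user_path)))
    try:
        rel = candidate.relative_to(root)
    except ValueError:
        raise ValueError(f"path escapes repository: {user_path!r}") from None
    if ".git" in rel.parts:
        # Extra hardening beyond the traversal fix: never stage metadata.
        raise ValueError(f"path targets .git metadata: {user_path!r}")
    return rel.as_posix()


def safe_paths_for_index_add(repo_root, files):
    """Split a tool's `files` argument into the paths that may be handed to
    repo.index.add() (input -> normalised path) and those rejected (input -> reason)."""
    accepted, rejected = {}, {}
    for f in files:
        try:
            accepted[f] = resolve_in_repo(repo_root, f)
        except ValueError as exc:
            rejected[f] = str(exc)
    return accepted, rejected


def demo():
    """Classify sample inputs against a constructed layout in a temp dir.

        <tmp>/secret.txt                   outside the repository
        <tmp>/repo/src/app.py              inside
        <tmp>/repo/link -> ../secret.txt   symlink escaping the tree (if allowed)
    """
    with tempfile.TemporaryDirectory() as tmp:
        repo = os.path.join(tmp, "repo")
        os.makedirs(os.path.join(repo, "src"))
        Path(repo, "src", "app.py").write_text("print('hi')\n")
        secret = os.path.join(tmp, "secret.txt")
        Path(secret).write_text("TOKEN=constructed-sample\n")
        inputs = ["src/app.py", "src/../src/app.py", "../secret.txt",
                  "src/../../secret.txt", secret, ".git/config"]
        try:
            os.symlink(os.path.join("..", "secret.txt"), os.path.join(repo, "link"))
            inputs.append("link")
        except OSError:
            pass  # platform refused to create the symlink; skip that case
        accepted, rejected = safe_paths_for_index_add(repo, inputs)
        return {f: ("ok:" + accepted[f]) if f in accepted else "rejected"
                for f in inputs}


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{verdict:12} {path}")
```

The values returned by safe_paths_for_index_add are what a hardened tool would pass to repo.index.add(); the advisory's point is that `git add` already performs this refusal and GitPython's index API does not. Resolving with os.path.realpath before the comparison also covers the symlink case, which a plain normpath check would miss.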
Potential Impact
The primary impact is that the git_add tool could stage files from outside the repository. Confidentiality is the main concern: any file readable by the server process, including SSH keys, cloud credentials, shell history or configuration files in the user's home directory, can be pulled into the object store and then leak through a commit and push to a remote that other people or CI systems can read. Integrity is affected as well, since commits end up carrying content the author never intended, and an index holding paths with `..` components is not something standard Git tooling expects, so later operations on that checkout may behave unexpectedly. Availability impact is limited to that kind of disruption of automated processes that consume the repository. The vulnerability needs no privileges but does need a tool invocation, so the risk is concentrated in setups where untrusted input can reach the model that drives git_add or where the tool is exposed to untrusted callers. Organizations using mcp-server-git for agent-driven source management or automation should treat this as a moderate risk to software confidentiality and integrity, with a supply-chain dimension if affected repositories feed builds or releases.
Mitigation Recommendations
To mitigate CVE-2026-27735, upgrade every installation of mcp-server-git to 2026.1.14 or later; the fix rejects any path in the files argument that resolves outside the repository. Until that is done, reduce what a traversal could reach: run the MCP server as a dedicated user or inside a container or sandbox that only has the intended repositories mounted, so there is nothing sensitive outside the tree to stage. Treat every tool argument as untrusted, because it can originate from model output shaped by content the model read, and configure the MCP client to require human approval for git_add, git_commit and any step that pushes to a remote rather than auto-approving them. Audit repositories that were managed by an affected version: inspect the index and recent commits for entries whose paths contain `..` components or for files that do not belong in the project, and rotate any credential found to have been staged or committed. Teams that build or fork MCP tools should validate user-supplied paths against the repository root after resolving symlinks and `..`, and add path-traversal cases to their test suites so the same class of bug is caught before release.
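An index audit of the kind recommended above, as an added example; it is not mcp-server-git code and not part of Git. It parses the .git/index format directly (versions 2 and 3) so the result does not depend on how the git CLI reacts to an index containing such entries. The sample index is built in memory with the on-disk layout, and its file names are invented for illustration:

```python
"""Scan a Git index for entries whose path escapes the working tree.

Added example for the audit recommendation above; it is not mcp-server-git
code. It parses .git/index directly (format versions 2 and 3; version 4
uses prefix-compressed names and is rejected) so the check does not depend
on how the git CLI reacts to a malformed index. The sample index in demo()
is constructed in memory with the same on-disk layout, so the example runs
without a repository; the file names in it are invented for illustration.
"""
import hashlib
import os
import struct

ENTRY_FIXED = 62  # 10 x uint32 stat fields + 20-byte SHA-1 + uint16 flags


def index_entries(data: bytes):
    """Yield the path of every entry in an index file image (v2/v3)."""
    if data[:4] != b"DIRC":
        raise ValueError("not a Git index: missing DIRC signature")
    if hashlib.sha1(data[:-20]).digest() != data[-20:]:
        raise ValueError("index checksum mismatch")
    version, count = struct.unpack(">II", data[4:12])
    if version not in (2, 3):
        raise ValueError(f"unsupported index version {version}")
    off = 12
    for _ in range(count):
        (flags,) = struct.unpack(">H", data[off + 60:off + 62])
        name_len = flags & 0x0FFF
        p = off + ENTRY_FIXED
        if version == 3 and flags & 0x4000:   # extended-flags word present
            p += 2
        if name_len < 0x0FFF:
            name = data[p:p + name_len]
        else:                                 # long name: scan to the NUL
            name = data[p:data.index(b"\x00", p)]
        consumed = p + len(name) + 1 - off    # +1 for the terminating NUL
        off += (consumed + 7) // 8 * 8        # entries are padded to 8 bytes
        yield name.decode("utf-8", "surrogateescape")


def suspicious_paths(data: bytes):
    """Return (path, reason) for entries a healthy index must never contain."""
    findings = []
    for path in index_entries(data):
        parts = path.split("/")
        drive = len(path) >= 2 and path[0].isalpha() and path[1] == ":"
        if path.startswith("/") or drive:      # drive check is a Windows heuristic
            findings.append((path, "absolute path"))
        elif ".." in parts:
            findings.append((path, "parent-directory traversal"))
        elif ".git" in parts:
            findings.append((path, "targets .git metadata"))
    return findings


def scan_repo(repo_root: str):
    """Scan an on-disk repository's .git/index."""
    with open(os.path.join(repo_root, ".git", "index"), "rb") as f:
        return suspicious_paths(f.read())


def build_index(paths):
    """Construct a minimal v2 index holding the given paths (stat data zeroed).

    Used only to create the constructed sample; entries are sorted as Git does.
    """
    body = bytearray(b"DIRC" + struct.pack(">II", 2, len(paths)))
    for path in sorted(paths):
        name = path.encode()
        entry = struct.pack(">10I", *([0] * 10)) + b"\x00" * 20
        entry += struct.pack(">H", min(len(name), 0x0FFF)) + name + b"\x00"
        entry += b"\x00" * (-len(entry) % 8)
        body += entry
    return bytes(body) + hashlib.sha1(body).digest()


def demo():
    """Constructed index: two legitimate entries plus the kind of entries a
    vulnerable git_add would have created from traversal input."""
    sample = build_index(["src/app.py", "README.md", "../secret.txt",
                          "../../.ssh/id_ed25519", ".git/hooks/post-commit"])
    return suspicious_paths(sample)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{reason}: {path}")
```

For a real repository call scan_repo(path_to_checkout); a non-empty result means the index was written by something that bypassed Git's own pathspec checks, and the staged blobs for those paths should be treated as a possible secret exposure until the content has been reviewed.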
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, Canada, Australia, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-02-23T18:37:14.790Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 699f8fb4b7ef31ef0b6dc8c8
Added to database: 2/26/2026, 12:11:32 AM
Last enriched: 3/5/2026, 11:07:44 AM
Last updated: 4/12/2026, 6:37:20 AM