Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-61462

HIGH NVD
CVSS Score 8.6
Severity HIGH
Published Jul 13, 2026
Vendor unknown

Description

mcp-gitlab contains a path traversal vulnerability in the job_id parameter of build/index.js that allows attackers to redirect GitLab API requests to arbitrary endpoints. Attackers can supply crafted job_id values like ../../../user to escape the intended path prefix and access arbitrary GitLab API resources using the operator's personal access token.

References