Mcp-server-git path traversal and argument injection flaws (multiple vulnerabilities)
Vulnerability
Summary
Anthropic's mcp-server-git now has three disclosed vulnerabilities that can enable arbitrary file read/delete and code execution in affected deployments. The issues map to CVE-2025-68143, CVE-2025-68144, and CVE-2025-68145, spanning path traversal and argument injection in Git tooling. Fixes were released in 2025.9.25 and 2025.12.18, and one vulnerable tool was later removed. Cyata also showed how the flaws can be chained through prompt injection to reach remote code execution.
Related Happenings
MCP STDIO arbitrary command execution security flaw
Vulnerability
First: 16.04.2026 12:40
Last: 16.04.2026 12:40
Sources 1
About this happening:
A **critical MCP flaw** in the **STDIO interface** can trigger **arbitrary command execution**, putting **connected AI systems** at risk of **data exposure** and **system takeover...
Ghostscript, OpenSC and CGIF memory corruption flaws
Vulnerability
First: 06.02.2026 07:49
Last: 06.02.2026 07:49
Sources 1
About this happening:
**Ghostscript**, **OpenSC**, and **CGIF** were among the open-source libraries affected by a newly disclosed batch of **more than 500 previously unknown high-severity flaws**. The...
Figma MCP version 0.6.3 remediation guidance
Advisory/Mitigation
First: 08.10.2025 20:14
Last: 08.10.2025 20:14
Sources 1
About this happening:
Users of **Figma MCP** were told to **upgrade to version 0.6.3 or higher** to reduce exposure to a **command-injection** flaw that could enable **remote code execution**. The reme...
Timeline
20.01.2026 15:55 (2 articles)
Anthropic mcp-server-git vulnerabilities disclosed and patched
Initial Disclosure: Cyata disclosed three CVE-backed vulnerabilities in Anthropic's mcp-server-git Python MCP server: CVE-2025-68143, a path traversal issue in git_init; CVE-2025-68144, an argument injection issue in git_diff and git_checkout; and CVE-2025-68145, a path traversal issue in --repository handling. The flaws were reported as exploitable through prompt injection to read or delete arbitrary files and execute code, with fixes released in versions 2025.9.25 and 2025.12.18 and git_init later removed alongside extra path validation to reduce abuse.
Sources:
- Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution — thehackernews.com — 20.01.2026 15:55
- Prompt Injection Bugs Found in Official Anthropic Git MCP Server — www.infosecurity-magazine.com — 20.01.2026 17:01