CVE-2026-7386
fatbobman mail-mcp-bridge mail_mcp_server.py path traversal
| CVSS Score | 7.3 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
A flaw has been found in fatbobman mail-mcp-bridge up to 1.3.3. It affects an unknown function in the file src/mail_mcp_server.py. Manipulating the argument message_ids can lead to path traversal. The attack can be carried out remotely. The exploit has been published and may be used. Upgrading to version 1.3.4 addresses this issue. The patch is identified as 638b162b26532e32fa8d8047f638537dbdfe197a. Upgrading the affected component is recommended.
| CWE | CWE-22 |
| Vendor | fatbobman |
| Product | mail-mcp-bridge |
| Published | Apr 29, 2026 |
| Last Updated | Apr 29, 2026 |
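CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
| Attack Vector | Network (AV:N) |
| Attack Complexity | Low (AC:L) |
| Privileges Required | None (PR:N) |
| User Interaction | None (UI:N) |
| Scope | Unchanged (S:U) |
| Confidentiality | Low (C:L) |
| Integrity | Low (I:L) |
| Availability | Low (A:L) |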
Affected Versions
fatbobman / mail-mcp-bridge
1.3.0 1.3.1 1.3.2 1.3.3
References
vuldb.com: https://vuldb.com/vuln/360107
vuldb.com: https://vuldb.com/vuln/360107/cti
vuldb.com: https://vuldb.com/submit/803096
github.com: https://github.com/fatbobman/mail-mcp-bridge/issues/2
github.com: https://github.com/fatbobman/mail-mcp-bridge/commit/638b162b26532e32fa8d8047f638537dbdfe197a
github.com: https://github.com/fatbobman/mail-mcp-bridge/releases/tag/1.3.4
github.com: https://github.com/fatbobman/mail-mcp-bridge/
Credits
LittleW (VulDB User)