Path Traversal Vulnerability in Dazeb Cline-MCP-Memory-Bank Software
CVE-2026-9468

5.3 MEDIUM

Key Information:

Vendor: Dazeb
CVE Published: 25 May 2026

Badges

Exploit Exists, Public PoC

What is CVE-2026-9468?

A security flaw has been identified in Dazeb's Cline-MCP-Memory-Bank, caused by improper handling of the 'projectPath' argument in the handleInitializeMemoryBank function, located in src/index.ts. The vulnerability allows attackers to carry out path traversal attacks remotely, giving them unauthorized access to files and directories on the server. The exploit has been publicly disclosed, which heightens the risk for users of the software. The software uses a rolling release system and has no clearly versioned releases. The issue was reported to the developers, but no response has been documented thus far.
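A containment check of the kind a handler would apply to a caller-supplied `projectPath` before touching the filesystem, as an added example that is not the project's code and not a published fix. The names `resolveProjectPath`, `present` and `demo`, the single allowed root, and the sample inputs are assumptions constructed for illustration.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// lstat-based existence check: a dangling symlink still counts as present.
const present = (p: string): boolean => {
  try { fs.lstatSync(p); return true; } catch { return false; }
};

// Hypothetical helper (not from cline-mcp-memory-bank): confine a
// caller-supplied projectPath to one allowed root, or throw.
export function resolveProjectPath(allowedRoot: string, projectPath: unknown): string {
  if (typeof projectPath !== "string" || projectPath === "" || projectPath.includes("\0")) {
    throw new Error("projectPath must be a non-empty string without NUL bytes");
  }
  const root = fs.realpathSync(allowedRoot);
  // Resolving against the root normalises "../" segments and absolute input.
  let existing = path.resolve(root, projectPath);
  // Walk up to the deepest component that exists, then canonicalise it so a
  // symlink inside the root cannot redirect the final path elsewhere.
  const tail: string[] = [];
  while (!present(existing)) {
    tail.unshift(path.basename(existing));
    existing = path.dirname(existing);
  }
  const real = path.join(fs.realpathSync(existing), ...tail);
  const rel = path.relative(root, real);
  if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new Error("projectPath resolves outside the allowed root");
  }
  return real;
}

// Constructed demo: temp workspace, a sibling directory, and a symlink to it.
export function demo(): boolean[] {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "mb-demo-"));
  const root = path.join(base, "workspace");
  fs.mkdirSync(path.join(root, "proj"), { recursive: true });
  fs.mkdirSync(path.join(base, "outside"));
  fs.symlinkSync(path.join(base, "outside"), path.join(root, "link"));
  const inputs: unknown[] =
    ["proj", "proj/new-bank", "../outside", path.join(base, "outside"), "link/x", 42];
  const verdicts = inputs.map((p) => {
    try { resolveProjectPath(root, p); return true; } catch { return false; }
  });
  fs.rmSync(base, { recursive: true, force: true });
  return verdicts;
}
```

`demo()` returns one accept/reject verdict per input, in order; only the two paths that stay inside the workspace are accepted.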

Affected Version(s)

cline-mcp-memory-bank 55c81b9cf6c16700983c84dc4cdea3cafa19a75f

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Public PoC available

  • Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

KkKkKO (VulDB User)
VulDB CNA Team