MEDIUM 6.3

CVE-2026-10278: Path Traversal in ishayoyo excel-mcp – Exploitation, Detection, and Remediation

A path traversal vulnerability exists in the excel-mcp project (versions up to 1.0.2) that allows authenticated users to access files and directories outside the intended scope by manipulating file path parameters. An attacker with valid credentials can read or write files on the affected system by crafting malicious file path arguments, potentially exposing sensitive data or modifying system files. The vulnerability has been publicly disclosed, increasing the risk of active exploitation.

Source data · NVD / CISA · public domain

CVSS
3.1 · 6.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Weaknesses (CWE)
CWE-22
Affected products
0 configuration(s)
Published / Modified
2026-06-01 / 2026-06-17

NVD description (verbatim)

A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component read_file/write_file. Executing a manipulation of the argument filePath/outputPath can lead to path traversal. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

6 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-10278 is a path traversal flaw (CWE-22) in ishayoyo's excel-mcp library affecting versions through 1.0.2. The vulnerability resides in the read_file and write_file functions within src/index.ts, where insufficient validation of the filePath and outputPath parameters permits directory traversal sequences (e.g., '../../../') to bypass access controls. The CVSS v3.1 score of 6.3 reflects a network-accessible attack requiring valid authentication, with potential impact to confidentiality, integrity, and availability. The vulnerability is remotely exploitable and public disclosure has occurred without a corresponding patch from the maintainers.

Business impact

Organizations deploying excel-mcp risk unauthorized file access and modification through authenticated sessions. An insider or compromised account holder could exfiltrate sensitive spreadsheets, configuration files, or database credentials stored on the same filesystem. Similarly, attackers could overwrite application files to inject malicious code or disable services. For teams using excel-mcp in API gateways, data processing pipelines, or collaborative environments, this vulnerability can compromise data confidentiality and operational integrity without direct network compromise.

Affected systems

The ishayoyo excel-mcp project versions 1.0.2 and earlier are affected. No vendor patches have been released as of the publication date. Organizations using this library in production environments—particularly those integrating it into server-side applications, REST APIs, or automated data workflows—should inventory their deployments immediately. The lack of vendor response increases exposure duration.

Exploitability

The vulnerability is remotely exploitable over the network by any user with valid authentication credentials. Public disclosure of this flaw removes the requirement for vulnerability research, lowering the barrier for exploitation. While the attack requires prior authentication (a limiting factor), the simplicity of path traversal techniques and the public nature of the disclosure elevate practical risk. No exploit code weaponization is required; standard path traversal payloads can trigger the flaw.

Remediation

Immediate action: audit your codebase for excel-mcp dependencies and version pinning. Remove or isolate excel-mcp from production environments if possible. Contact the ishayoyo project maintainers directly to request an expedited patch. Apply input validation on all file path parameters to reject or sanitize directory traversal sequences (../, ..\ and encoded variants). Implement filesystem access controls using chroot jails, containerization, or OS-level file permissions to limit the scope of readable/writable directories. Upgrade to a patched version as soon as the maintainers release one; monitor the project repository for updates.

Patch guidance

Verify the ishayoyo excel-mcp project repository and release notes for patched versions exceeding 1.0.2. At publication, no official patch exists; establish a monitoring process for the project's GitHub or package registry (npm, if applicable). If a patch is released, upgrade immediately and validate the fix by reviewing commit diffs to confirm input validation improvements. Until patching, consider temporary mitigations: restrict excel-mcp to isolated, non-production environments, or refactor dependent code to use alternative, actively maintained libraries.

Detection guidance

Monitor logs for unexpected file access patterns via excel-mcp functions, particularly those involving parent directory references (../) or absolute paths outside the application root. Implement egress controls to detect exfiltration of sensitive files accessed through the library. Audit authentication logs for unusual session activity or access times. Deploy file integrity monitoring (FIM) on configuration and application directories to detect unauthorized modification. Network-based detection is limited; focus on application logging and host-based controls.

Why prioritize this

Although not yet on CISA's KEV list, this vulnerability merits high prioritization due to public disclosure, ease of exploitation for authenticated users, and current lack of vendor patches. The authenticated-only requirement prevents it from reaching critical severity, but organizations relying on excel-mcp should treat this as urgent, especially if the library processes sensitive data. The 6.3 CVSS score accurately reflects medium severity with meaningful business impact.

Risk score, explained

The CVSS v3.1 score of 6.3 (MEDIUM) is calculated from: AV:N (Network—remotely accessible), AC:L (Low Attack Complexity—standard path traversal), PR:L (Low Privilege Required—valid authentication necessary), UI:N (No User Interaction), S:U (Unchanged Scope), C:L (Low Confidentiality Impact—file read access), I:L (Low Integrity Impact—file write access), A:L (Low Availability Impact—potential service disruption via file corruption). The 'L' impact ratings reflect the confined nature of the attack but acknowledge real risk to confidentiality, integrity, and availability within the file system's accessible scope.

Frequently asked questions

Is my organization affected if we use excel-mcp in a read-only context?

Partially. If your use case invokes only read_file operations, the confidentiality impact is the primary concern; attackers cannot modify files. However, the path traversal vulnerability still permits unauthorized reading of sensitive files outside intended directories. You remain at risk for data exfiltration.

What should we do while waiting for a patch from the maintainers?

Immediately inventory your deployment and document affected systems. Isolate excel-mcp to non-production or low-risk environments if feasible. Implement restrictive filesystem permissions to limit the directories excel-mcp can access. Consider switching to an alternative, actively maintained library. Establish a process to apply patches within 48–72 hours of release.

Does this vulnerability require internet access to exploit?

No. The vulnerability is remotely exploitable over the network, meaning an attacker does not need physical access to the server. However, they do need valid authentication credentials to trigger the flaw. If your excel-mcp instance is exposed on the internet, the risk is higher than if it is internal-only.

Can we mitigate this by restricting file permissions at the OS level?

Yes, partially. Using chroot, containerization (Docker), or OS-level file permissions to confine excel-mcp's accessible directories reduces (but does not eliminate) the attack surface. However, this is a temporary mitigation and not a substitute for patching. Once a vendor patch is available, apply it promptly.

This analysis is provided for informational purposes and reflects the state of the vulnerability as of the publication date. The ishayoyo project maintainers have not yet responded with official patches; all remediation guidance should be verified against the vendor's advisory upon release. Organizations should conduct their own risk assessment based on their specific deployment contexts, data sensitivity, and threat models. SEC.co does not provide legal advice; consult your security and legal teams regarding compliance obligations related to this vulnerability. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).