📄 Description (English)
A vulnerability was detected in AgiFlow scaffold-mcp up to 1.0.27. Affected by this issue is some unknown functionality of the file packages/scaffold-mcp/src/server/index.ts of the component write-to-file Tool. The manipulation of the argument file_path results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. Upgrading to version 1.1.0 can resolve this issue. The patch is identified as c4d23592ae5fb59cfeefc4641e6826f8ac89b9c6. You should upgrade the affected component.
🤖 AI Executive Summary
AgiFlow scaffold-mcp versions up to 1.0.27 contain a path traversal vulnerability (CWE-22) in the write-to-file tool that allows remote attackers to manipulate file paths and access arbitrary files on affected systems. With a CVSS score of 7.3 and public exploit availability, this poses a significant risk to organizations using this component. Immediate patching to version 1.1.0 or later is critical to prevent unauthorized file access and potential data exfiltration.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 5, 2026 17:18
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations using AgiFlow scaffold-mcp in development and deployment pipelines, particularly in: (1) Financial Technology and Banking sector (SAMA-regulated entities) where unauthorized file access could compromise sensitive financial data and trading systems; (2) Government agencies and digital transformation initiatives under NCA oversight that rely on this component for infrastructure automation; (3) Healthcare organizations managing patient data systems; (4) Energy sector (ARAMCO and related entities) using this tool in operational technology environments; (5) Telecommunications providers (STC, Mobily) deploying this in network infrastructure. The path traversal vulnerability could lead to exposure of configuration files, API keys, database credentials, and proprietary source code.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Healthcare
Energy and Utilities
Telecommunications
Technology and Software Development
E-commerce and Retail
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Inventory all systems and applications using AgiFlow scaffold-mcp versions ≤1.0.27
2. Isolate or restrict network access to affected systems until patching is complete
3. Review access logs for suspicious file access patterns in the past 30 days
4. Rotate all credentials and API keys that may be stored in accessible configuration files
PATCHING GUIDANCE:
1. Upgrade AgiFlow scaffold-mcp to version 1.1.0 or later immediately
2. Apply commit c4d23592ae5fb59cfeefc4641e6826f8ac89b9c6 if manual patching is required
3. Test patches in non-production environments before deployment
4. Implement a phased rollout to production systems with monitoring
COMPENSATING CONTROLS (if immediate patching is not possible):
1. Implement strict input validation on file_path parameters - whitelist allowed directories only
2. Deploy Web Application Firewall (WAF) rules to block path traversal patterns (../, ..\ sequences)
3. Run the application with minimal file system permissions using principle of least privilege
4. Disable the write-to-file tool if not actively required
5. Implement file system access monitoring and alerting for unauthorized access attempts
DETECTION RULES:
1. Monitor for HTTP requests containing encoded path traversal sequences (%2e%2e, %252e%252e)
2. Alert on file_path parameters containing ../ or ..\ patterns
3. Log and alert on any file access outside designated application directories
4. Monitor process execution for unusual file system access patterns from scaffold-mcp processes
5. Implement SIEM rules to detect multiple failed file access attempts from single source
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. قم بحصر جميع الأنظمة والتطبيقات التي تستخدم AgiFlow scaffold-mcp بإصدارات ≤1.0.27
2. عزل أو تقييد الوصول إلى الشبكة للأنظمة المتأثرة حتى اكتمال التصحيح
3. مراجعة سجلات الوصول للأنماط المريبة في الوصول إلى الملفات خلال آخر 30 يوماً
4. تدوير جميع بيانات الاعتماد ومفاتيح API التي قد تكون مخزنة في ملفات التكوين المتاحة
إرشادات التصحيح:
1. قم بترقية AgiFlow scaffold-mcp إلى الإصدار 1.1.0 أو أحدث فوراً
2. طبق التعديل c4d23592ae5fb59cfeefc4641e6826f8ac89b9c6 إذا كان التصحيح اليدوي مطلوباً
3. اختبر التصحيحات في بيئات غير الإنتاج قبل النشر
4. نفذ نشراً متدرجاً لأنظمة الإنتاج مع المراقبة
الضوابط البديلة (إذا لم يكن التصحيح الفوري ممكناً):
1. طبق التحقق الصارم من المدخلات على معاملات file_path - قائمة بيضاء للمجلدات المسموحة فقط
2. نشر قواعد جدار الحماية (WAF) لحجب أنماط اجتياز المسار (../ و..\ التسلسلات)
3. قم بتشغيل التطبيق بأقل صلاحيات نظام الملفات باستخدام مبدأ أقل امتياز
4. عطل أداة الكتابة إلى الملف إذا لم تكن مطلوبة بنشاط
5. طبق مراقبة التنبيهات على الوصول غير المصرح إلى نظام الملفات
قواعد الكشف:
1. راقب طلبات HTTP التي تحتوي على تسلسلات اجتياز مسار مشفرة (%2e%2e، %252e%252e)
2. تنبيهات على معاملات file_path التي تحتوي على أنماط ../ أو ..\
3. تسجيل والتنبيه على أي وصول ملف خارج المجلدات المخصصة للتطبيق
4. راقب تنفيذ العمليات للأنماط غير المعتادة في الوصول إلى نظام الملفات من عمليات scaffold-mcp
5. طبق قواعل SIEM للكشف عن محاولات الوصول المتعددة الفاشلة من مصدر واحد
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information Security Policies and Procedures
A.6.1.1 - Access Control Policy
A.6.2.1 - User Registration and De-registration
A.8.2.1 - Classification of Information
A.8.2.3 - Handling of Assets
A.12.2.1 - Controls Against Malware
A.12.4.1 - Event Logging
A.12.4.3 - Administrator and Operator Logs
A.13.1.1 - Information Security Incident Procedures
🔵 SAMA CSF
ID.AM-2: Software platforms and applications within the organization are inventoried
PR.AC-1: Identities and credentials are issued and managed securely
PR.AC-3: Access is managed through role-based or attribute-based mechanisms
PR.AC-4: Access permissions and authorizations are managed
PR.DS-1: Data-at-rest is protected
PR.DS-2: Data-in-transit is protected
DE.AE-1: A baseline of network operations and expected data flows for users and systems is established and managed
DE.CM-1: The network is monitored to detect potential cybersecurity events
RS.AN-1: Notifications from detection systems, processes, and tools are investigated
🟡 ISO 27001:2022
A.5.1 - Management Direction for Information Security
A.6.1 - Internal Organization
A.6.2 - Mobile Device and Teleworking
A.8.1 - Asset Management
A.8.2 - Information Classification
A.8.3 - Media Handling
A.12.2 - Malware Protection
A.12.4 - Logging
A.12.6 - Management of Technical Vulnerabilities
A.13.1 - Information Security Incident Management
🟣 PCI DSS v4.0.1
1.1 - Establish network segmentation
2.1 - Always change vendor-supplied defaults
6.2 - Ensure all system components and software are protected from known vulnerabilities
10.2 - Implement automated audit trails for all access to cardholder data
11.2 - Run automated vulnerability scans regularly
🔗 References & Sources 7
🔗
🔗
🔗
🔗
🔗
🔗
🔗
https://github.com/AgiFlow/aicode-toolkit/commit/c4d23592ae5fb59cfeefc4641e6826f8ac89b9c6
cna@vuldb.com
https://github.com/AgiFlow/aicode-toolkit/issues/88
cna@vuldb.com
https://github.com/AgiFlow/aicode-toolkit/pull/89
cna@vuldb.com
https://github.com/AgiFlow/aicode-toolkit/releases/tag/%40agiflowai/aicode-toolkit%401.1.0
cna@vuldb.com
https://vuldb.com/submit/802836
cna@vuldb.com
https://vuldb.com/vuln/359845
cna@vuldb.com
https://vuldb.com/vuln/359845/cti
cna@vuldb.com