GHSA-j7h9-2jh7-g967: Path Policy Bypass and Timing Side-Channel in mcp-ssh-tool
Vulnerability ID: GHSA-J7H9-2JH7-G967
CVSS Score: 8.7
Published: 2026-05-07
The mcp-ssh-tool npm package prior to version 2.1.1 contains two significant security flaws: an incomplete path policy enforcement mechanism that permits directory traversal and local path bypasses (CWE-22), and an observable timing differential in bearer token authentication (CWE-208).
TL;DR
mcp-ssh-tool <= 2.1.0 suffers from path traversal and policy bypass due to improper prefix checking, alongside an authentication timing side-channel. Upgrading to 2.1.1 resolves both issues.
Technical Details
- Vulnerability IDs: GHSA-j7h9-2jh7-g967
- CVSS v4.0 Base Score: 8.7 (High)
- Primary CWEs: CWE-22 (Path Traversal), CWE-208 (Observable Timing Differential)
- Attack Vector: Network
- Privileges Required: None
- Exploit Status: No public PoC identified
- Affected Versions: <= 2.1.0
- Fixed Version: 2.1.1
Affected Systems
- mcp-ssh-tool npm package
-
mcp-ssh-tool: <= 2.1.0 (Fixed in:
2.1.1)
Mitigation Strategies
- Upgrade mcp-ssh-tool to a patched version
- Restrict network exposure of the HTTP transport layer
- Audit filesystem policies for prefix collisions
- Implement strict rate limiting to hinder timing side-channel attacks
Remediation Steps:
- Identify the current version of mcp-ssh-tool using
npm list -g mcp-ssh-tool. - Upgrade the package using
npm install -g mcp-ssh-tool@latest. - Restart the mcp-ssh-tool service to load the updated module.
- Review access logs for repeated failed authentication attempts that may indicate token brute-forcing.
- Review file transfer logs for suspicious paths involving '..' sequences or unusual prefix patterns.
References
Read the full report for GHSA-J7H9-2JH7-G967 on our website for more details including interactive diagrams and full exploit analysis.
Top comments (0)