Lack of data validation - Path Traversal In @mobilenext/mobile-mcp
Description
@mobilenext/mobile-mcp allows arbitrary file write via Path Traversal in mobile screen capture tools
Summary
The @mobilenext/mobile-mcp server contains a Path Traversal vulnerability in the mobile_save_screenshot and mobile_start_screen_recording tools. The saveTo and output parameters were passed directly to filesystem operations without validation, allowing an attacker to write files outside the intended workspace.
Details
File: src/server.ts (lines 584-592)
```ts
tool(
	"mobile_save_screenshot",
	"Save Screenshot",
	"Save a screenshot of the mobile device to a file",
	{
		device: z.string().describe("The device identifier..."),
		saveTo: z.string().describe("The path to save the screenshot to"),
	},
	...
```
Root Cause
The saveTo parameter is passed directly to fs.writeFileSync() without any validation. The codebase has validation functions for other parameters (validatePackageName, validateLocale in src/utils.ts) but no path validation function exists.
Additional Affected Tool
File: src/server.ts (lines 597-620)
The mobile_start_screen_recording tool has the same vulnerability in its output parameter.
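The following is an added example, not code from the mobile-mcp project, of the kind of path validation helper that is missing beside validatePackageName and validateLocale. It resolves the caller-supplied path against a workspace root and refuses anything that lands outside it, so both `saveTo` and `output` could be routed through it before any fs call. The function names, the workspace root parameter and the sample inputs are assumptions for illustration.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Resolve a caller-supplied path against the workspace root and reject any
// result that escapes it. "../../x" and absolute paths such as "/etc/x" both
// resolve outside the root and are refused. The comparison is lexical: if the
// workspace may contain symlinks, resolve the parent with fs.realpathSync first.
export function resolveWithinWorkspace(userPath: string, workspaceRoot: string): string {
  const root = path.resolve(workspaceRoot);
  const candidate = path.resolve(root, userPath);
  const rel = path.relative(root, candidate);
  const escapes =
    rel === "" ||                      // the root directory itself, not a file in it
    rel === ".." ||
    rel.startsWith(".." + path.sep) || // climbs above the root ("..shot.png" is fine)
    path.isAbsolute(rel);              // different drive on Windows
  if (escapes) {
    throw new Error(`refusing path outside workspace: ${userPath}`);
  }
  return candidate;
}

// Hardened write: validate first, then create parent directories and write.
// This is the shape the screenshot / recording handlers would take (assumed).
export function saveScreenshotSafely(png: Buffer, saveTo: string, workspaceRoot: string): string {
  const target = resolveWithinWorkspace(saveTo, workspaceRoot);
  fs.mkdirSync(path.dirname(target), { recursive: true });
  fs.writeFileSync(target, png);
  return target;
}

// Constructed scenario in a throwaway temp dir: returns which inputs were accepted.
export function demo(): { accepted: string[]; rejected: string[] } {
  const workspace = fs.mkdtempSync(path.join(os.tmpdir(), "mcp-ws-"));
  // Constructed PNG magic bytes, not a real screenshot.
  const fakePng = Buffer.from("89504e470d0a1a0a", "hex");
  const inputs = ["shots/home.png", "..shot.png", "../outside.png", "/tmp/absolute.png"];
  const accepted: string[] = [];
  const rejected: string[] = [];
  try {
    for (const p of inputs) {
      try {
        saveScreenshotSafely(fakePng, p, workspace);
        accepted.push(p);
      } catch (_err) {
        rejected.push(p);
      }
    }
  } finally {
    fs.rmSync(workspace, { recursive: true, force: true });
  }
  return { accepted, rejected };
}

console.log(demo());
```

Because the tool schemas already use zod, the same check can be attached to the `saveTo` and `output` fields with a `.refine()` so invalid paths are rejected before the handler runs; the example keeps it as a plain function to stay free of dependencies.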
PoC
```python
#!/usr/bin/env python3
import json
import os
import subprocess
import sys
import time
from datetime import datetime
...
```
Impact
A Prompt Injection attack from a malicious website or document could trick the AI into overwriting sensitive host files (e.g., ~/.bashrc, ~/.ssh/authorized_keys, or .config files) leading to a broken shell.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
| Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
| npm | @mobilenext/mobile-mcp | 0.0.49 | |
Aliases
References