VBS-2026-0013 | HIGH | CVSS 8.5 | CWE-22
Multiple git MCP server vulnerabilities (CVE-2025-68143/68144/68145) can be chained to tamper with files or cross repository boundaries when tool policy is weak.
Upgrade affected MCP server versions, validate canonical repository boundaries, and run MCP servers with least-privilege filesystem and network scopes.
How do I check if my app (MCP git servers, tool argument parsing) is affected by the git MCP server chain: path traversal + argument injection + repo restriction bypass?
Multiple git MCP server vulnerabilities (CVE-2025-68143/68144/68145) can be chained to tamper with files or cross repository boundaries when tool policy is weak. Search your codebase for MCP git servers, tool argument parsing, and path validation patterns, and verify the remediation has been applied.
Why do Claude and Codex generate code with CWE-22 (high severity)?
Multiple git MCP server vulnerabilities (CVE-2025-68143/68144/68145) can be chained to tamper with files or cross repository boundaries when tool policy is weak.
How do I fix git MCP server chain: path traversal + argument injection + repo restriction bypass?
Upgrade affected MCP server versions, validate canonical repository boundaries, and run MCP servers with least-privilege filesystem and network scopes.
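One way to validate canonical repository boundaries and reject option-like tool arguments before they reach git. This is an added example, not code from any MCP server; the names `resolve_inside`, `safe_ref`, `build_diff_argv` and `BoundaryError` are hypothetical, and the directory layout is constructed.

```python
import tempfile
from pathlib import Path


class BoundaryError(ValueError):
    """A tool argument would leave the allowed repository or act as an option."""


def resolve_inside(allowed_root, requested):
    """Return the canonical path for `requested`; raise if it escapes the root."""
    root = Path(allowed_root).resolve(strict=True)
    candidate = Path(requested)
    if not candidate.is_absolute():
        candidate = root / candidate
    # resolve() collapses ".." and follows symlinks, so the check runs on the
    # real location rather than on the string the client sent.
    real = candidate.resolve(strict=False)
    # Compare path components, not string prefixes: "/srv/repo-evil" starts
    # with "/srv/repo" but is not inside it.
    if real != root and root not in real.parents:
        raise BoundaryError(f"outside allowed repository: {requested!r}")
    return real


def safe_ref(value):
    """Reject values that git would parse as an option rather than a ref."""
    if not value or value.startswith("-") or "\x00" in value:
        raise BoundaryError(f"rejected tool argument: {value!r}")
    return value


def build_diff_argv(allowed_root, repo, target):
    """Build argv (a list, never a shell string) for a hypothetical diff tool."""
    repo_path = resolve_inside(allowed_root, repo)
    return ["git", "-C", str(repo_path), "diff", safe_ref(target), "--"]


if __name__ == "__main__":
    # Constructed sample layout: one allowed root plus a sibling directory.
    base = Path(tempfile.mkdtemp()).resolve()
    (base / "repos" / "app").mkdir(parents=True)
    (base / "repos-evil").mkdir()
    root = str(base / "repos")
    print(build_diff_argv(root, "app", "main"))
    for repo, target in [("../repos-evil", "main"), ("app", "--constructed-option")]:
        try:
            build_diff_argv(root, repo, target)
        except BoundaryError as exc:
            print("blocked:", exc)
```

Pass the returned list to the process launcher without a shell, so the validated values are never re-parsed as a command line.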
What can an attacker do if my app contains VBS-2026-0013?
With CVSS 8.5 (high), this vulnerability is high risk — significant data or functionality can be compromised.