{"id":"CVE-2026-33989","summary":"@mobilenext/mobile-mcp allows arbitrary file write via Path Traversal in mobile screen capture tools","details":"Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The `saveTo` and `output` parameters were passed directly to filesystem operations without validation, allowing an attacker to write files outside the intended workspace. Version 0.0.49 fixes the issue.","aliases":["GHSA-3p2m-h2v6-g9mx"],"modified":"2026-04-10T05:43:20.006Z","published":"2026-03-27T22:03:01.801Z","database_specific":{"cwe_ids":["CWE-22","CWE-73"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33989.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33989.json"},{"type":"FIX","url":"https://github.com/mobile-next/mobile-mcp/commit/f5e32295903128c1e71cf915ae6c0b76c7b0153b"},{"type":"WEB","url":"https://github.com/mobile-next/mobile-mcp/releases/tag/0.0.49"},{"type":"ADVISORY","url":"https://github.com/mobile-next/mobile-mcp/security/advisories/GHSA-3p2m-h2v6-g9mx"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33989"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mobile-next/mobile-mcp","events":[{"introduced":"0"},{"fixed":"40a8e768219f2469fec426ca19da0c6c6e75f08e"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.0.49"}]}}],"versions":["0.0.11","0.0.12","0.0.14","0.0.15","0.0.16","0.0.17","0.0.18","0.0.20","0.0.21","0.0.22","0.0.23","0.0.24","0.0.25","0.0.26","0.0.27","0.0.28","0.0.29","0.0.30","0.0.31","0.0.32","0.0.33","0.0.34","0.0.35","0.0.36","0.0.40","0.0.41","0.0.42","0.0.44","0.0.45","0.0.46","0.0.47","0.0.48","0.0.9"],"database_specific":{"source":"https:/
/storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33989.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}]}