CVE-2026-7149 Overview
A path traversal vulnerability has been identified in the dexhunter kaggle-mcp project, affecting the prepare_kaggle_dataset function within the src/kaggle_mcp/server.py file. This vulnerability allows remote attackers to manipulate the competition_id argument to traverse directories and potentially access sensitive files outside the intended directory scope. The exploit has been publicly disclosed and the project maintainers have been notified but have not yet responded.
Critical Impact
Remote attackers can exploit insufficient input validation in the competition_id parameter to access arbitrary files on the system through directory traversal sequences, potentially exposing sensitive configuration files, credentials, or other protected data.
Affected Products
- dexhunter kaggle-mcp (up to commit 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d)
Discovery Timeline
- April 27, 2026 - CVE-2026-7149 published to NVD
- April 29, 2026 - Last updated in NVD database
Technical Details for CVE-2026-7149
Vulnerability Analysis
This path traversal vulnerability (CWE-22) exists in the kaggle-mcp server component, specifically within the prepare_kaggle_dataset function. The vulnerability stems from improper validation of the competition_id parameter, which is used to construct file paths without adequate sanitization. An attacker can inject directory traversal sequences (such as ../) into this parameter to escape the intended directory and access files elsewhere on the file system.
The kaggle-mcp project is a Model Context Protocol (MCP) server that facilitates interactions with Kaggle datasets and competitions. The vulnerable function handles dataset preparation and uses user-supplied input to construct file paths, creating an opportunity for exploitation when malicious input is provided.
Root Cause
The root cause of this vulnerability is insufficient input validation and sanitization of the competition_id argument in the prepare_kaggle_dataset function. The function fails to properly validate or canonicalize file paths before using them in file system operations, allowing attackers to include path traversal sequences that navigate outside the intended directory structure. This is a classic example of CWE-22 (Improper Limitation of a Pathname to a Restricted Directory).
Attack Vector
The attack can be executed remotely over the network without requiring authentication. An attacker sends a specially crafted request containing directory traversal sequences (e.g., ../../etc/passwd) in the competition_id parameter. When the server processes this request, the malicious path components are not filtered, allowing the attacker to read files from arbitrary locations on the file system.
The attack does not require user interaction and can be automated. Since this is a server-side vulnerability in a network-accessible component, exploitation can occur from any network location that can reach the vulnerable service.
Detection Methods for CVE-2026-7149
Indicators of Compromise
- HTTP requests or API calls containing path traversal sequences (../, ..%2f, ..%5c) in the competition_id parameter
- Unusual file access patterns in server logs showing attempts to access files outside the kaggle-mcp data directory
- Error messages in application logs indicating failed attempts to access system files
- Successful unauthorized access to sensitive files such as /etc/passwd, configuration files, or credential stores
Detection Strategies
- Implement web application firewall (WAF) rules to detect and block requests containing path traversal patterns in API parameters
- Configure intrusion detection systems (IDS) to alert on suspicious path traversal attempts targeting kaggle-mcp endpoints
- Enable detailed logging on the kaggle-mcp server to capture all incoming requests and file access operations
- Deploy endpoint detection solutions to monitor for unusual file access patterns originating from the server process
Monitoring Recommendations
- Monitor server access logs for requests containing encoded or raw path traversal sequences
- Set up alerts for any file access attempts outside the expected kaggle-mcp data directories
- Review application logs regularly for error messages related to file path operations
- Implement file integrity monitoring on sensitive system files to detect unauthorized access
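As an added example (not part of this advisory or of the kaggle-mcp project), a small Python scanner that applies the indicators above to constructed access-log lines: it URL-decodes the competition_id query value layer by layer so raw, encoded (..%2f, ..%5c) and double-encoded traversal sequences are all flagged. The /prepare endpoint and the log format are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Raw and URL-encoded traversal segments from the indicator list:
# ../  ..\  ..%2f  ..%5c  (matched case-insensitively).
TRAVERSAL_RE = re.compile(r"\.\.(?:/|\\|%2f|%5c)", re.IGNORECASE)


def has_traversal(value: str, max_rounds: int = 3) -> bool:
    """Test the value at each decoding layer so double-encoded forms such as
    ..%252f (which decodes to ..%2f, then ../) are caught as well."""
    current = value
    for _ in range(max_rounds + 1):
        if TRAVERSAL_RE.search(current):
            return True
        decoded = unquote(current)
        if decoded == current:
            return False
        current = decoded
    return False


# Assumed combined-log request line; the /prepare endpoint is an assumption.
REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')


def flag_suspicious(lines, param="competition_id"):
    """Return (line_number, decoded value) for each request whose `param`
    carries a traversal sequence."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group("target")).query
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            if has_traversal(value):
                hits.append((lineno, value))
    return hits


# Constructed sample log lines (not from any real deployment).
SAMPLE_LOG = [
    '10.0.0.5 - - [27/Apr/2026:10:00:01 +0000] "GET /prepare?competition_id=titanic HTTP/1.1" 200',
    '10.0.0.9 - - [27/Apr/2026:10:00:02 +0000] "GET /prepare?competition_id=../../etc/passwd HTTP/1.1" 200',
    '10.0.0.9 - - [27/Apr/2026:10:00:03 +0000] "GET /prepare?competition_id=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404',
    '10.0.0.9 - - [27/Apr/2026:10:00:04 +0000] "GET /prepare?competition_id=..%252F..%252Fetc%252Fpasswd HTTP/1.1" 400',
    '10.0.0.5 - - [27/Apr/2026:10:00:05 +0000] "GET /status HTTP/1.1" 200',
]

if __name__ == "__main__":
    for lineno, value in flag_suspicious(SAMPLE_LOG):
        print(f"line {lineno}: traversal attempt in competition_id -> {value!r}")
```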
How to Mitigate CVE-2026-7149
Immediate Actions Required
- Review your deployment of kaggle-mcp and assess exposure to untrusted network access
- Implement network-level access controls to restrict which systems can reach the kaggle-mcp server
- Deploy a web application firewall configured to block path traversal attack patterns
- Monitor the GitHub repository for updates and patches from the maintainers
Patch Information
As of the last update, the project maintainers have not yet responded to the vulnerability report submitted via the GitHub issue tracker. The kaggle-mcp project uses a rolling release model, so users should monitor the repository for commits that address this security issue. The vulnerable code exists up to commit 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d.
Workarounds
- Restrict network access to the kaggle-mcp server to trusted IP addresses or internal networks only
- Implement a reverse proxy with input validation rules to sanitize the competition_id parameter before forwarding requests
- Consider implementing application-level input validation as a wrapper around the vulnerable function
- If feasible, disable or remove the prepare_kaggle_dataset functionality until an official patch is available
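As an added illustration of the wrapper-style validation suggested above and of the canonicalization the root-cause section says is missing (example code, not from the kaggle-mcp project, whose real prepare_kaggle_dataset is not reproduced here), the hypothetical dataset_dir_unsafe shows the weak join pattern and dataset_dir_safe applies an allowlist plus a post-canonicalization containment check. DATA_ROOT, the train.csv filename and the competition-id character rule are assumptions.

```python
import os
import re
from pathlib import Path

# Assumed data directory; the real server's layout is not given in the advisory.
DATA_ROOT = Path("/var/lib/kaggle-mcp/data")

# Strict allowlist for Kaggle-style slugs (assumption): lowercase letters,
# digits and hyphens only, so '.', '/', '\\' and '%' never reach a path join.
COMPETITION_ID_RE = re.compile(r"[a-z0-9][a-z0-9-]{0,99}")


def is_valid_competition_id(competition_id: str) -> bool:
    return COMPETITION_ID_RE.fullmatch(competition_id) is not None


def dataset_dir_unsafe(competition_id: str, root: Path = DATA_ROOT) -> Path:
    """Hypothetical reconstruction of the CWE-22 pattern: the argument is joined
    into a path with no validation, so '../' segments walk out of `root`."""
    return Path(os.path.join(str(root), competition_id, "train.csv"))


def dataset_dir_safe(competition_id: str, root: Path = DATA_ROOT) -> Path:
    """Hardened form: allowlist first, then canonicalize and confirm the result
    still lies under `root` (defence in depth, e.g. against symlinked dirs)."""
    if not is_valid_competition_id(competition_id):
        raise ValueError(f"rejected competition_id: {competition_id!r}")
    root_real = root.resolve()
    candidate = (root_real / competition_id / "train.csv").resolve()
    try:
        candidate.relative_to(root_real)  # raises if candidate escaped root
    except ValueError:
        raise ValueError("resolved path escapes the data root") from None
    return candidate


def escapes_root(path: Path, root: Path = DATA_ROOT) -> bool:
    """Lexical check used to demonstrate what the unsafe join produces."""
    normalized = os.path.normpath(str(path))
    return not normalized.startswith(str(root) + os.sep)
```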
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.