CVE ID: CVE-2026-33989
Published: March 27, 2026, 10:16 p.m. | 2 hours, 19 minutes ago
Description: Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording` tools. The `saveTo` and `output` parameters were passed directly to filesystem operations without validation, allowing an attacker to write files outside the intended workspace. Version 0.0.49 fixes the issue.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
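The kind of validation whose absence the description reports, as an added example (not the project's code and not its 0.0.49 fix): a caller-supplied output path is resolved and rejected unless it stays inside a workspace directory. The names `resolveInWorkspace` and `demo`, the extension allowlist, and the temporary directory layout are assumptions made for illustration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Hypothetical helper: return an absolute path for `requested` only if it stays
// inside `workspace`; throw otherwise. The extension allowlist is an assumption.
function resolveInWorkspace(workspace, requested, allowedExts = ['.png', '.jpg', '.mp4']) {
  if (typeof requested !== 'string' || requested === '' || requested.includes('\0')) {
    throw new Error('invalid path');
  }
  const root = fs.realpathSync(workspace);
  // path.resolve() lets an absolute `requested` replace `root`, and collapses "..".
  const candidate = path.resolve(root, requested);
  // Resolve symlinks in the parent directory (it must already exist).
  const parent = fs.realpathSync(path.dirname(candidate));
  const full = path.join(parent, path.basename(candidate));
  const rel = path.relative(root, full);
  if (rel === '' || rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    throw new Error('path escapes workspace');
  }
  if (!allowedExts.includes(path.extname(full).toLowerCase())) {
    throw new Error('unexpected file extension');
  }
  // Refuse to write through a symlink that already sits at the final component.
  const st = fs.lstatSync(full, { throwIfNoEntry: false });
  if (st && st.isSymbolicLink()) throw new Error('target is a symlink');
  return full;
}

// Constructed layout: <tmp>/workspace/{shots/, link -> ../outside} and <tmp>/outside.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'ws-demo-'));
  const workspace = path.join(base, 'workspace');
  const outside = path.join(base, 'outside');
  fs.mkdirSync(path.join(workspace, 'shots'), { recursive: true });
  fs.mkdirSync(outside);
  fs.symlinkSync(outside, path.join(workspace, 'link'), 'dir');
  const inputs = ['shots/home.png', '../outside/x.png', path.join(outside, 'x.png'),
    'link/x.png', 'shots/run.sh'];
  const results = inputs.map((p) => {
    try { resolveInWorkspace(workspace, p); return 'allowed'; }
    catch (e) { return 'rejected: ' + e.message; }
  });
  fs.rmSync(base, { recursive: true, force: true });
  return results;
}
```

A check like this still leaves a window between validation and the write, so the write itself should open the file with flags that refuse to follow a symlink or overwrite an existing file where the platform supports it.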
🤖 AI-Generated Patch Solution
Google Gemini (gemini-2.5-flash) • CVE: CVE-2026-33989
⚠️ Vulnerability Description:
1. IMMEDIATE ACTIONS
Immediately assess the exposure of your AcmeCorp Universal API Gateway instances. If direct exposure to untrusted networks (e.g., public internet) is confirmed, consider temporary isolation measures.
Implement temporary network access control list (ACL) or firewall rules to block HTTP/2 traffic originating from untrusted sources to the API Gateway's public-facing interfaces. Specifically, scrutinize traffic destined
💡 AI-generated — review with a security professional before acting.