DO NOT open a public GitHub issue for security vulnerabilities. Instead, please report them responsibly to:

Email: security@rethunk.tech
Response SLA: We aim to respond to security reports within 24 hours.

When reporting a vulnerability, please include:

• Description of the vulnerability
• Affected component(s) and version(s)
• Steps to reproduce (if applicable)
• Potential impact
• Suggested fix (optional)

mcp-multi-root-git is an MCP server that exposes git operations (status, log, diff, show, fetch, commit, push, merge, stash, tag, and reset) to LLMs. It has security implications due to git workflow access and repository state modification.

• Critical: Server operates on local git repositories with user permissions
• Tools perform read (status, log, diff) and write operations (commit, push, merge)
• Multi-root setup allows access to multiple repos; ensure intended scope
• Token/credential handling for remote operations (push, pull)

• High: batch_commit, git_push, git_merge, git_cherry_pick, git_reset_soft, git_tag, git_stash_apply, and git_fetch modify repository state or refs
• These operations can rewrite history, overwrite refs, lose commits if misused, or apply changes the operator did not intend
• Implement safeguards against destructive operations (force-push, reset misuse, unsafe merge targets)
• Validate branch names, refs, stash indices, and merge targets before operations

• Medium: Push and fetch operations may require git credentials (SSH keys, PAT tokens, or git credentials storage)
• SSH agent socket access required for SSH authentication
• Credentials should never be logged or exposed
• Validate that credentials are not embedded in code or environment

• Medium: Server accesses local filesystem to read/write git repositories
• Symlink traversal could allow access outside intended directory
• Validate paths to prevent directory escape attacks
• Restrict filesystem access to intended git repository roots

• Low-Medium: Large diffs could expose sensitive data (API keys, passwords in code)
• Diff viewer truncates output; still be mindful of sensitive content
• Do not expose raw repository contents without review

• Validate all repository paths resolve within intended roots
• Prevent symlink traversal to parent directories
• Use absolute path resolution; validate against whitelist

• Implement safeguards on destructive operations (merge, cherry-pick, reset)
• Validate branch names match expected patterns
• Prevent force-push to protected branches (main, master, develop, stable, prod)
• Log all write operations for audit trails

• Use SSH agent or git credentials storage; never embed credentials
• SSH key passphrase protection recommended
• Monitor git credentials for unusual access patterns
• Document credential setup requirements

• Keep the git CLI, Node.js runtime, and Bun toolchain up-to-date for security patches
• Monitor core dependencies such as fastmcp and zod for security advisories
• Run bun audit regularly; address high/critical vulnerabilities

• Document all workspace root directories
• Validate roots are intentional and secure
• Prevent unintended access to sibling or parent repositories
• Use absolute paths; validate against whitelist

Latest release only.

None currently known. Reports are welcome via security@rethunk.tech.

• Test on non-critical repositories before production use
• Validate path traversal prevention with symlinks
• Test write operations on a test repository; verify nothing unintended is modified
• Test with invalid branch names and merge targets; validate error handling

If a security vulnerability is discovered:

1. Report immediately to security@rethunk.tech (do not disclose publicly)
2. Include reproduction steps and affected version(s)
3. Allow 24-48 hours for initial response and triage
4. Coordinate disclosure timeline if patch is required
5. Credit will be given to the reporter (if desired)

• Security Issues: security@rethunk.tech
• General Support: support@rethunk.tech
• Website: https://rethunk.tech

Last updated: 2026-05-07