Description
Advisory Details
Package: @anthropic-ai/mcp-playwright (npm) / executeautomation/mcp-playwright
Repository: https://github.com/executeautomation/mcp-playwright
CWE: CWE-22 (Path Traversal)
Severity: Medium
Summary
The screenshot and PDF save functionality accepts user-supplied file paths without validation. An attacker can use path traversal sequences to write screenshots or PDFs to arbitrary locations on the filesystem.
Details
When saving screenshots or PDFs, the tool accepts a file path parameter that is used directly to write the output file. There is no path validation, canonicalization, or restriction to a specific output directory. Path traversal sequences like ../../ can be used to write files outside the intended directory.
PoC
- Use the screenshot tool with the save path set to ../../tmp/screenshot.png
- The screenshot is saved to /tmp/ instead of the expected output directory
- Can overwrite sensitive files if the process has write permission
Impact
Arbitrary file write via path traversal. An attacker can overwrite configuration files, scripts, or other sensitive files on the host filesystem.