{"data":{"id":"513a7804-e6b4-479c-a5fd-c6aa6dc16ad4","title":"GHSA-hwpp-h97w-2h3j: repomix: attach_packed_output can bypass file-read secret scanning for supported local files","summary":"Repomix's MCP server (a protocol for connecting AI assistants to tools) has a security weakness where the `attach_packed_output` function can register arbitrary local files with certain extensions (.json, .txt, .md, .xml) and bypass the secret-scanning check that normally blocks sensitive files from being read. An attacker using MCP tools can register any supported file type as output, get an ID for it, then use `read_repomix_output` to read the full file content without the safety check being applied.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-hwpp-h97w-2h3j","publishedAt":"2026-07-01T19:01:41.000Z","cveId":"CVE-2026-49988","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":["repomix@<= 1.14.0 (fixed: 1.14.1)"],"affectedVendors":[],"affectedVendorsRaw":["repomix"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-07-01T19:01:41.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}