GHSA-hwpp-h97w-2h3j: repomix: attach_packed_output can bypass file-read secret scanning for supported local files
Summary
Repomix's MCP server (a protocol for connecting AI assistants to tools) has a security weakness where the `attach_packed_output` function can register arbitrary local files with certain extensions (.json, .txt, .md, .xml) and bypass the secret-scanning check that normally blocks sensitive files from being read. An attacker using MCP tools can register any supported file type as output, get an ID for it, then use `read_repomix_output` to read the full file content without the safety check being applied.
Vulnerability Details
EPSS: 0.0%
Yes
July 1, 2026
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://github.com/advisories/GHSA-hwpp-h97w-2h3j
First tracked: July 1, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 85%