Relative path traversal in git MCP Server: data exfiltration using 'git_add'
Versions prior to 2026.1.14 of mcp-server-git are vulnerable to data exfiltration through relative path traversal, allowing paths outside the repository to be added to the repo and exfiltrated by committing and pushing the repository.