BeehiveInnovations/pal-mcp-server

GitHub

github.com

Releases76

Frequency1 day 13 hours

Last Release 6 months ago

Stars11.6K

The power of Claude Code / GeminiCLI / CodexCLI + [Gemini / OpenAI / OpenRouter / Azure / Grok / Ollama / Custom Model / All Of The Above] working as one.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-66689 ↗	Jan 12, 2026Monday, 12 January 2026, 17:15	6.5 MEDIUM	—
A path traversal vulnerability exists in Zen MCP Server before 9.8.2 that allows authenticated attackers to read arbitrary files on the system. The vulnerability is caused by flawed logic in the is_dangerous_path() validation function that uses exact string matching against a blacklist of system directories. Attackers can bypass these restrictions by accessing subdirectories of blacklisted paths.