MCP-Server

by wildan14ar

Overview

Manages remote SSH servers and manipulates Excel files without Microsoft Excel, serving as a modular Model Context Protocol (MCP) server for agents.

Installation

Run Command
python -m src.modules.excel.operations.__main__ sse

Environment Variables

  • FASTMCP_HOST
  • FASTMCP_PORT
  • EXCEL_FILES_PATH

Security Notes

The server has critical security vulnerabilities.

1. Arbitrary SSH Command Execution: The `SSHSession.execute` function, used by both WebSocket (`execute` message with `skip_confirm=True` or confirmed) and REST API (`/server/mcp/execute`), allows direct execution of arbitrary commands on the remote SSH server. The command warning system is client-side and bypassable for REST API calls, and the `allowlist`/`disallowlist` are not enforced by default in the WebSocket handler's SSHSession instantiation. This means a compromised MCP token or malicious client can execute any command on the remote SSH server.

2. Arbitrary Local File System Access: The `get_excel_path` function, intended to sandbox Excel file operations within `EXCEL_FILES_PATH`, is vulnerable. If an absolute path is provided as `filepath` (e.g., `/etc/passwd`), the server will attempt to access that file directly on the machine running the MCP server, potentially allowing an attacker to read or write to arbitrary files outside the intended directory. This is a severe local file access vulnerability.

3. Information Disclosure: Combining these, a malicious actor could use the local file access vulnerability to read sensitive local files, or use arbitrary SSH commands to extract sensitive data from remote servers.

Stats

  • Interest Score: 0
  • Security Score: 2
  • Cost Class: Medium
  • Avg Tokens: 200
  • Stars: 0
  • Forks: 0
  • Last Update: 2026-01-16

Tags

  • SSH
  • Excel
  • WebSocket
  • API
  • Agent Tool