eliran79/vulnerable-file-reader-server

@Eliran79

A deliberately vulnerable MCP server demonstrating command injection flaws. This Python implementation shows how lack of input sanitization in file paths leads to critical security vulnerabilities allowing attackers to execute arbitrary commands. For educational purposes only - demonstrates both the vulnerability and proper security practices.

command-injection, vulnerability, file-reader, security, education, python, mcp, tool

Installation & Configuration

{
  "mcpServers": {
    "file-reader": {
      "command": "/ABSOLUTE/PATH/TO/uv",
      "args": [
        "--directory",
        "/data/git/file_reader_server",
        "run",
        "--with",
        "mcp",
        "mcp",
        "run",
        "main.py"
      ]
    }
  }
}

Information

Transport: stdio
Language: Python
Created: 2026/6/13
Updated: 2026/6/13