Path traversal in NVIDIA's RAG Blueprint MCP server
NVIDIA's RAG Blueprint shipped an MCP server that read user-supplied file paths with no validation. Any client could read arbitrary files and ingest them into the RAG collection.
The system
The RAG Blueprint is NVIDIA's reference architecture for retrieval-augmented generation. Its MCP server lets agents upload documents into the pipeline, reading each path from disk before forwarding the contents. It bound to 0.0.0.0:8000 with no authentication.
The finding
Both upload tools passed file paths straight to open() with no checks. A client could supply ../../../../etc/passwd, have it ingested into the RAG collection, then read it back through the model. A filesystem read laundered into natural-language answers.
The fix
The fix adds path validation that canonicalises each path with os.path.realpath() and rejects anything that resolves outside a configurable base directory.
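The following is an added example, not code from NVIDIA's RAG Blueprint, showing the unchecked open() pattern described in the finding next to a hardened version of the realpath-plus-base-directory check described in the fix. The function names (upload_document_vulnerable, upload_document_fixed, resolve_within) and the sandbox layout built by demo() are assumptions constructed for illustration.

```python
import os
import tempfile

# Added example, not the RAG Blueprint's own code. Function names are assumptions.


def upload_document_vulnerable(path: str) -> bytes:
    """The pattern from the finding: the client-supplied path reaches open() unchanged."""
    with open(path, "rb") as f:
        return f.read()


def resolve_within(base_dir: str, user_path: str) -> str:
    """Canonicalise user_path and reject it unless it stays under base_dir.

    os.path.realpath collapses '..' segments and follows symlinks, so a link
    inside base_dir that points outside is rejected too. os.path.commonpath
    is used instead of str.startswith so that '/srv/docs2' is not accepted
    as lying inside '/srv/docs'.
    """
    base = os.path.realpath(base_dir)
    # os.path.join drops base when user_path is absolute, which is fine:
    # the absolute path is then checked against base like any other.
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise PermissionError(f"path escapes upload directory: {user_path!r}")
    return candidate


def upload_document_fixed(base_dir: str, path: str) -> bytes:
    """Hardened upload: only paths that resolve under base_dir are opened."""
    with open(resolve_within(base_dir, path), "rb") as f:
        return f.read()


def demo() -> dict:
    """Constructed scenario: an upload directory with one legitimate file, a
    secret outside it, a sibling directory with a shared name prefix, and a
    symlink inside the upload directory that points at the secret."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "docs")
    os.mkdir(base)
    os.mkdir(os.path.join(root, "docs2"))
    with open(os.path.join(base, "ok.txt"), "wb") as f:
        f.write(b"hello")
    with open(os.path.join(root, "secret.txt"), "wb") as f:
        f.write(b"top secret")
    os.symlink(os.path.join(root, "secret.txt"), os.path.join(base, "link"))

    results = {"legit": upload_document_fixed(base, "ok.txt")}
    probes = {
        "traversal": "../secret.txt",
        "absolute": os.path.join(root, "secret.txt"),
        "symlink": "link",
        "sibling_prefix": "../docs2",
    }
    for name, p in probes.items():
        try:
            upload_document_fixed(base, p)
            results[name] = "allowed"
        except PermissionError:
            results[name] = "rejected"
    # The unpatched version reads the traversal target without complaint.
    results["vulnerable_read"] = upload_document_vulnerable(
        os.path.join(base, "../secret.txt")
    )
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two details matter when reproducing the fix: compare canonical paths with os.path.commonpath (or an equivalent check that the base is followed by a separator) rather than a raw string prefix, and canonicalise the base directory itself, since a configured base that is a symlink would otherwise never match the resolved candidate.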
Want this rigour on your stack?
Tell us what you're shipping and we'll scope a focused review, then Sebastion keeps it secure on every pull request.