The @mobilenext/mobile-mcp server, a widely used MCP package for mobile device automation and testing, contains a path traversal vulnerability in its mobile_save_screenshot and mobile_start_screen_recording tools. The saveTo and output parameters were passed directly to filesystem operations without any path validation, so a caller-supplied value containing ../ segments or an absolute path was used as the write destination exactly as given.
An attacker who can control the arguments passed to these tools (through a compromised MCP client, prompt injection into the agent, or a malicious MCP server in a multi-server setup) can direct the screenshot or recording to any path writable by the agent process, outside the intended workspace. Note that the attacker controls the destination path; the file contents are the captured screen data.
In agentic environments where mobile-mcp runs alongside other tools, this write primitive could be used to overwrite configuration files, inject malicious scripts, or plant files in locations that trigger downstream execution, extending a single tool call into persistent code execution.
Immediate recommendation: upgrade @mobilenext/mobile-mcp to version 0.0.49 or later. Audit any agent that exposed these tools with attacker-influenced output paths: review tool-call logs for saveTo or output values containing ../ or absolute paths, and check for unexpected files outside the workspace.