A vulnerability described as critical has been identified in fatbobman mail-mcp-bridge up to 1.3.3 . Affected is an unknown function of the file src/mail_mcp_server.py . Executing a manipulation of the argument message_ids can lead to path traversal. This vulnerability is handled as CVE-2026-7386 . The attack can be executed remotely. Additionally, an exploit exists. Upgrading the affected component is recommended.