A vulnerability was found in ChromeDevTools chrome-devtools-mcp up to 1.0.x and classified as critical . Affected by this vulnerability is the function McpContext.validatePath of the component Symbolic Links Handler . Such manipulation leads to path traversal. This vulnerability is listed as CVE-2026-53766 . The attack must be carried out locally. There is no available exploit. It is suggested to upgrade the affected component.