Advisories for Pypi/Neuro-Cortex-Memory package

2026

Cortex has Untrusted Project Bootstrap Code Execution via `CLAUDE_PROJECT_DIR`

The Cortex MCP server (`neuro-cortex-memory`) treats the `CLAUDE_PROJECT_DIR` environment variable (automatically set by Claude Code to the currently open project directory) as a trusted Cortex developer checkout. When the `open_visualization` tool is invoked, `_find_dev_source()` resolves the user's active project directory as a candidate Cortex source root. The only validation performed by `_is_cortex_root()` is a check for the presence of an `mcp_server/` subdirectory and a `ui/unified-viz.html` file. An attacker …