This release includes 1 security fix for security teams reviewing exposed deployments.
Topics
+5 more
Summary
AI summaryAdded input validation for Windows icacls command to block unsafe shell characters and path traversal, addressing a Medusa security finding.
Full changelog
What's New in v2026.1.4
Security
- Defense-in-Depth Path Validation - Added input validation for Windows
icaclscommandisPathSafeForShell()- Blocks shell metacharacters (;,&,|,`,$, etc.) and path traversal (..)isUsernameSafe()- Validates username format before shell use- Path normalization before execution
- Addresses Medusa security scan finding (hardened even though not exploitable)
Notes
- Medusa scan showed 11 findings, 10 were false positives
- This release hardens the one legitimate concern as defense-in-depth
Full Changelog
https://github.com/Pantheon-Security/notebooklm-mcp-secure/compare/v2026.1.3...v2026.1.4
Security Fixes
- Defense-in-Depth Path Validation: Added `isPathSafeForShell()` to block shell metacharacters (`;`, `&`, `|`, `` ` ``, `$`, etc.) and path traversal (`..`) in Windows `icacls` command usage (addresses Medusa scan finding).
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About Pantheon-Security/notebooklm-mcp-secure
Security-hardened NotebookLM MCP with post-quantum encryption (ML-KEM-768), GDPR/SOC2/CSSF compliance, and 14 security layers. Query Google's Gemini-grounded research from Claude and AI agents.
Related context
Beta — feedback welcome: [email protected]