CVE-2026-7738

Sažetak

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Reference

https://github.com/BruceJqs/public_exp/issues/38
https://github.com/puchunjie/doc-tools-mcp/
https://github.com/puchunjie/doc-tools-mcp/issues/4
https://vuldb.com/submit/807642
https://vuldb.com/vuln/360913
https://vuldb.com/vuln/360913/cti

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

04-05-2026 - 15:17

Objavljeno

04-05-2026 - 07:16