CVE-2026-7315 | eiceblue spire-pdf-mcp-server 0.1.1 PDF File server.py get_pdf_path filepath path traversal

Inserito da Angelo Barbosa | Apr 28, 2026 | CVE

A vulnerability categorized as critical has been discovered in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function get_pdf_path of the file src/spire_pdf_mcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal.

This vulnerability is tracked as CVE-2026-7315. The attack can be launched remotely. Moreover, an exploit is present.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7315 | eiceblue spire-pdf-mcp-server 0.1.1 PDF File server.py get_pdf_path filepath path traversal

Post correlati

CVE-2024-12982 | PHPGurukul Blood Bank & Donor Management System 2.4 update-contactinfo.php Address cross site scripting

CVE-2024-12793 | PbootCMS up to 5.2.3 IndexController.php tag path traversal

CVE-2024-9333 | M-Files Connector for Copilot up to 24.9.2 Access Control List permissions

CVE-2025-21490 | Oracle MySQL Server up to 8.0.40/8.4.3/9.1.0 InnoDB improper authorization