CVE-2026-7319 | elinsky execution-system-mcp 0.1.0 add_action Tool server.py _get_context_file_path context path traversal

Inserito da Angelo Barbosa | Apr 28, 2026 | CVE

A vulnerability has been found in elinsky execution-system-mcp 0.1.0 and classified as critical. The impacted element is the function _get_context_file_path of the file src/execution_system_mcp/server.py of the component add_action Tool. This manipulation of the argument context causes path traversal.

This vulnerability is handled as CVE-2026-7319. The attack can be initiated remotely. Additionally, an exploit exists.

CVE-2026-7319 | elinsky execution-system-mcp 0.1.0 add_action Tool server.py _get_context_file_path context path traversal

Post correlati

CVE-2025-52546 | Copeland LP E3 Supervisory Control up to 2.31F00 Floor Plan unrestricted upload

CVE-2024-4510 | Ruijie RG-UAC up to 20240428 arp_add_commit.php text_ip_addr/text_mac_addr os command injection

CVE-2024-20350 | Cisco Digital Network Architecture Center up to 2.3.7.4-AIRGAP-MDNAC SSH Host Key hard-coded key (cisco-sa-dnac-ssh-e4uOdASj)

CVE-2024-6562 | affiliate-toolkit Plugin up to 3.5.5 on WordPress information disclosure