A vulnerability classified as critical has been found in Dayoooun hwpx-mcp 0.2.0. It affects the functions save_document, export_to_text and export_to_html in the file mcp-server/src/index.ts of the component MCP Interface. Manipulating the argument output_path results in path traversal.

This vulnerability is known as CVE-2026-7599. The attack can be carried out remotely. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not yet responded.
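
One way a TypeScript MCP server can confine a client-supplied output_path to a single export directory before writing. This is an added example, not code from hwpx-mcp; the helper name `resolveOutputPath`, the `baseDir` parameter and the sample inputs are assumptions constructed for illustration.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Hypothetical helper (not from hwpx-mcp): map a client-supplied output_path
// to a file inside baseDir, or throw. baseDir is an assumption of this example.
function resolveOutputPath(baseDir: string, outputPath: unknown): string {
  if (typeof outputPath !== "string" || outputPath === "" || outputPath.includes("\0")) {
    throw new Error("output_path must be a non-empty string without NUL bytes");
  }
  // Canonicalise the base so a symlinked base does not skew the comparison.
  const base = fs.realpathSync(baseDir);
  const candidate = path.resolve(base, outputPath);
  // The file may not exist yet, so canonicalise its parent directory instead.
  // A missing parent throws here, which this example treats as a rejection.
  const parent = fs.realpathSync(path.dirname(candidate));
  const finalPath = path.join(parent, path.basename(candidate));
  const rel = path.relative(base, finalPath);
  if (rel === "" || rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new Error("output_path resolves outside the export directory");
  }
  // Refuse to write through an existing symlink at the final location.
  try {
    if (fs.lstatSync(finalPath).isSymbolicLink()) throw new Error("output_path is a symlink");
  } catch (e) {
    if ((e as { code?: string }).code !== "ENOENT") throw e;
  }
  return finalPath;
}

// Constructed inputs: one in-directory name and three ways of leaving the directory.
function demo(): string[] {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "export-"));
  fs.symlinkSync(os.tmpdir(), path.join(base, "link")); // directory symlink pointing outside base
  const inputs = ["report.txt", "../escape.txt", path.join(os.tmpdir(), "abs.txt"), "link/escape.txt"];
  return inputs.map((p) => {
    try { resolveOutputPath(base, p); return "allowed"; } catch { return "rejected"; }
  });
}

console.log(demo());
```

The check and the later write are separate steps, so the export directory itself should not be writable by untrusted parties.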