CVE-2026-8116 | huangjunsen0406 xiaozhi-mcphub up to 1.0.3 dxtController.ts manifest.name path traversal (Issue 29)

Inserito da Angelo Barbosa | Mag 7, 2026 | CVE

A vulnerability has been found in huangjunsen0406 xiaozhi-mcphub up to 1.0.3 and classified as critical. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument manifest.name causes path traversal.

This vulnerability appears as CVE-2026-8116. The attack may be initiated remotely. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-8116 | huangjunsen0406 xiaozhi-mcphub up to 1.0.3 dxtController.ts manifest.name path traversal (Issue 29)

Post correlati

CVE-2024-27185 | Joomla CMS up to 3.10.16/4.4.6/5.1.2 pagination unknown vulnerability

CVE-2025-7615 | TOTOLINK T6 4.1.5cu.748 HTTP POST Request /cgi-bin/cstecgi.cgi clearPairCfg ip command injection

CVE-2024-53031 | Qualcomm Snapdragon Auto up to SRV1M memory corruption

CVE-2024-47804 | Jenkins prior 2.462.x/2.477.x CLI/REST API permission