CVE-2026-7159 | douinc mkdocs-mcp-plugin up to 0.4.1 server.py read_document/list_documents docs_dir/file_path path traversal

Inserito da Angelo Barbosa | Apr 26, 2026 | CVE

A vulnerability classified as critical has been found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read_document/list_documents of the file server.py. Performing a manipulation of the argument docs_dir/file_path results in path traversal.

This vulnerability is reported as CVE-2026-7159. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor confirms, that the “fix will be published within a few days.”

CVE-2026-7159 | douinc mkdocs-mcp-plugin up to 0.4.1 server.py read_document/list_documents docs_dir/file_path path traversal

Post correlati

CVE-2024-5668 | Lightbox & Modal Popup Plugin up to 2.7.28 on WordPress HTML Data Attribute HTML injection

CVE-2023-50895 | Janitza GridVis up to 9.0.66 Project Load Privilege Escalation

CVE-2023-52574 | Linux Kernel up to 6.5.5 team vlan_dev_hard_header null pointer dereference

CVE-2025-24608 | Milan Petrovic GD Mail Queue Plugin up to 4.3 on WordPress cross site scripting