CVE-2026-7314 | eiceblue spire-doc-mcp-server 1.0.0 base.py get_doc_path document_name path traversal

Inserito da Angelo Barbosa | Apr 28, 2026 | CVE

A vulnerability was found in eiceblue spire-doc-mcp-server 1.0.0. It has been rated as critical. This affects the function get_doc_path of the file src/spire_doc_mcp/api/base.py. Performing a manipulation of the argument document_name results in path traversal.

This vulnerability is identified as CVE-2026-7314. The attack can be initiated remotely. Additionally, an exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7314 | eiceblue spire-doc-mcp-server 1.0.0 base.py get_doc_path document_name path traversal

Post correlati

CVE-2023-29051 | Open-Xchange OX App Suite up to 7.10.6-rev51/8.17 OXMF Template access control (oxas-adv-2023-0006)

CVE-2024-13542 | pagup WP Google Street View & Google maps and Local SEO Plugin Shortcode wpgsv cross site scripting

CVE-2026-32745 | JetBrains Datalore up to 2026.0 Cookie Setting missing secure attribute

CVE-2025-10641 | EfficientLab WorkExaminer Professional up to 4.0.0.52001 cleartext transmission