CVE-2026-7404 | getsimpletool mcpo-simple-server up to 0.2.0 base_manager.py delete_shared_prompt detail path traversal

A vulnerability has been found in getsimpletool mcpo-simple-server up to 0.2.0 and classified as critical. Affected is the function delete_shared_prompt of the file src/mcpo_simple_server/services/prompt_manager/base_manager.py. This manipulation of the argument detail causes relative path traversal.

The identification of this vulnerability is CVE-2026-7404. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7404 | getsimpletool mcpo-simple-server up to 0.2.0 base_manager.py delete_shared_prompt detail path traversal

Post correlati

CVE-2023-6520 | WP 2FA Plugin up to 2.5.0 on WordPress cross-site request forgery

CVE-2024-28418 | Webedition CMS 9.2.2.0 /webEdition/we_cmd.php unrestricted upload

CVE-2024-8420 | SiteSao DHVC Form Plugin up to 2.4.7 on WordPress role privileges assignment

CVE-2024-41890 | Apache Answer up to 1.3.5 Password Reset release of resource