A vulnerability was found in puchunjie doc-tools-mcp 1.0.18. It has been declared as critical. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal.

This vulnerability is reported as CVE-2026-7738. The attack can be launched remotely. Moreover, an exploit is present.

The project was informed of the problem early through an issue report but has not responded yet.
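
A containment check for the filePath argument described above, as an added example that is not code from doc-tools-mcp: it resolves the client-supplied path against one fixed document directory and rejects anything that ends up outside it, including through symlinks. The names resolveInsideBase and isAllowed and the idea of a single base directory are assumptions made for illustration.

```typescript
import * as fs from "node:fs";
import * as path from "node:path";

// lstat does not follow a final symlink, so a dangling link still counts as
// existing and is then rejected when realpathSync fails on it.
function entryExists(p: string): boolean {
  try { fs.lstatSync(p); return true; } catch { return false; }
}

// Hypothetical helper: map a client-supplied filePath to a location inside
// baseDir, or throw. Intended to run before any open or create call.
function resolveInsideBase(baseDir: string, filePath: string): string {
  if (typeof filePath !== "string" || filePath.length === 0 || filePath.includes("\0")) {
    throw new Error("invalid filePath");
  }
  const base = fs.realpathSync(baseDir);
  // path.resolve collapses ".." and lets an absolute filePath replace base,
  // so containment is checked on the resolved result, never on the raw input.
  const candidate = path.resolve(base, filePath);

  // A create-style call names a file that does not exist yet: canonicalise
  // the deepest existing ancestor and re-append the remaining components.
  let existing = candidate;
  const tail: string[] = [];
  while (!entryExists(existing)) {
    const parent = path.dirname(existing);
    if (parent === existing) break;
    tail.unshift(path.basename(existing));
    existing = parent;
  }
  const real = path.join(fs.realpathSync(existing), ...tail);

  const rel = path.relative(base, real);
  const outside = rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
  if (rel === "" || outside) {
    throw new Error("filePath escapes the document directory");
  }
  return real;
}

// Boolean wrapper, convenient for logging rejected requests.
function isAllowed(baseDir: string, filePath: string): boolean {
  try { resolveInsideBase(baseDir, filePath); return true; } catch { return false; }
}
```

The check and the later file operation are separate steps, so it is only reliable when untrusted parties cannot create symlinks inside the base directory between the two.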