CVE-2026-7788 | Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0 app/routes/document.py DOCS_DIR/path path traversal

A vulnerability has been found in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0 and classified as critical. The affected element is the function update_document/continue_document/delete_document/get_content of the file app/routes/document.py. Performing a manipulation of the argument DOCS_DIR/path results in path traversal.

This vulnerability was named CVE-2026-7788. The attack may be initiated remotely. In addition, an exploit is available.

This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7788 | Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0 app/routes/document.py DOCS_DIR/path path traversal

Post correlati

CVE-2024-11641 | e4jvikwp VikBooking Hotel Booking Engine & PMS Plugin up to 1.7.2 on WordPress cross-site request forgery

CVE-2019-25567 | Valentina-Db Valentina Studio 9.0.5 Host out-of-bounds write (Exploit 46439 / EDB-46439)

CVE-2024-20050 | MediaTek MT8798 Flashc information disclosure (ALPS08541757)

CVE-2024-2368 | ndijkstra Mollie Forms Plugin up to 2.6.13 on WordPress duplicateForm cross-site request forgery