Skip to main content

papers-mcp-server CVE-2026-7205

| EUVDEUVD-2026-25962 MEDIUM
Path Traversal (CWE-22)
2026-04-28 cna@vuldb.com
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

5
CVSS changed
Apr 29, 2026 - 01:12 NVD
6.9 (MEDIUM) 5.5 (MEDIUM)
Analysis Generated
Apr 28, 2026 - 01:31 vuln.today
EUVD ID Assigned
Apr 28, 2026 - 01:22 euvd
EUVD-2026-25962
Analysis Generated
Apr 28, 2026 - 01:22 vuln.today
CVE Published
Apr 28, 2026 - 01:16 nvd
MEDIUM 5.5

DescriptionCVE.org

A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search_papers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Path traversal in duartium papers-mcp-server allows remote unauthenticated attackers to access arbitrary files on the server by manipulating the topic argument in the search_papers function. The vulnerability affects commit 9ceb3812a6458ba7922ca24a7406f8807bc55598 and is publicly exploitable with proof-of-concept code available; the vendor has been notified via issue report but has not yet responded.

Technical ContextAI

papers-mcp-server is a Model Context Protocol (MCP) server implementation for managing academic papers. The vulnerability resides in the search_papers function within src/main.py, where user-supplied input to the topic parameter is not properly validated or sanitized before being used in file path operations. This is a classic CWE-22 path traversal flaw where an attacker can use relative path sequences (e.g., ../, ..\) or absolute paths to escape the intended directory scope and read files outside the application's intended data directory. The MCP server's network-accessible interface enables remote exploitation without requiring authentication.

RemediationAI

No vendor-released patch identified at time of analysis. The primary mitigation is to avoid deploying papers-mcp-server in production until a patched version is released by the vendor. As an immediate compensating control, restrict network access to the MCP server to trusted internal networks only by implementing firewall rules or network segmentation that blocks external connections to the server's listening port. If the server must remain accessible, deploy a reverse proxy (nginx, Apache) in front of papers-mcp-server and implement strict input validation middleware that rejects any topic parameter containing path traversal sequences (.., /, \) before forwarding requests to the backend. Monitor the GitHub repository (https://github.com/duartium/papers-mcp-server/) and issue tracker for vendor updates and apply patches as soon as they become available. Contact the vendor directly if remediation timeline information is needed for risk assessment.

Share

CVE-2026-7205 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy