Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search_papers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Path traversal in duartium papers-mcp-server allows remote unauthenticated attackers to access arbitrary files on the server by manipulating the topic argument in the search_papers function. The vulnerability affects commit 9ceb3812a6458ba7922ca24a7406f8807bc55598 and is publicly exploitable with proof-of-concept code available; the vendor has been notified via issue report but has not yet responded.
Technical ContextAI
papers-mcp-server is a Model Context Protocol (MCP) server implementation for managing academic papers. The vulnerability resides in the search_papers function within src/main.py, where user-supplied input to the topic parameter is not properly validated or sanitized before being used in file path operations. This is a classic CWE-22 path traversal flaw where an attacker can use relative path sequences (e.g., ../, ..\) or absolute paths to escape the intended directory scope and read files outside the application's intended data directory. The MCP server's network-accessible interface enables remote exploitation without requiring authentication.
RemediationAI
No vendor-released patch identified at time of analysis. The primary mitigation is to avoid deploying papers-mcp-server in production until a patched version is released by the vendor. As an immediate compensating control, restrict network access to the MCP server to trusted internal networks only by implementing firewall rules or network segmentation that blocks external connections to the server's listening port. If the server must remain accessible, deploy a reverse proxy (nginx, Apache) in front of papers-mcp-server and implement strict input validation middleware that rejects any topic parameter containing path traversal sequences (.., /, \) before forwarding requests to the backend. Monitor the GitHub repository (https://github.com/duartium/papers-mcp-server/) and issue tracker for vendor updates and apply patches as soon as they become available. Contact the vendor directly if remediation timeline information is needed for risk assessment.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25962