Which versions of processing-claude-mcp-bridge are affected by CVE-2026-7216?

CVE-2026-7216 is a critical path traversal vulnerability in processing-claude-mcp-bridge that allows unauthenticated remote attackers to read, write, or delete arbitrary files on affected servers.

Is there a public PoC exploit available for CVE-2026-7216?

Yes, a public proof-of-concept exploit is available for CVE-2026-7216. Prioritise patching immediately. EPSS: 0.0%.

processing-claude-mcp-bridge CVE-2026-7216

Q: What is the CVSS score of CVE-2026-7216?

CVE-2026-7216 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-25972 MEDIUM

Path Traversal (CWE-22)

2026-04-28 VulDB

Path Traversal

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:12 NVD

6.9 (MEDIUM) 5.5 (MEDIUM)

PoC Detected

Apr 29, 2026 - 01:00 vuln.today

Public exploit code

Severity Changed

Apr 28, 2026 - 03:22 NVD

HIGH MEDIUM

CVSS changed

Apr 28, 2026 - 03:22 NVD

7.3 (HIGH) 6.9 (MEDIUM)

Analysis Generated

Apr 28, 2026 - 03:16 vuln.today

EUVD ID Assigned

Apr 28, 2026 - 03:00 euvd

EUVD-2026-25972

Analysis Generated

Apr 28, 2026 - 03:00 vuln.today

CVE Published

Apr 28, 2026 - 02:15 nvd

MEDIUM 5.5

DescriptionNVD

A weakness has been identified in donchelo processing-claude-mcp-bridge up to e017b20a4b592a45531a6392f494007f04e661bd. Impacted is an unknown function of the file processing_server.py of the component create_sketch Tool. This manipulation of the argument sketch_name causes path traversal. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Path traversal in processing-claude-mcp-bridge's create_sketch tool allows remote unauthenticated attackers to read, write, or delete arbitrary files on the server by manipulating the sketch_name parameter in processing_server.py. Public exploit code exists via GitHub issue #1, enabling straightforward attacks against exposed instances. …

RemediationAI

Within 24 hours: Identify all systems running processing-claude-mcp-bridge and take internet-facing instances offline or restrict network access to trusted sources only. Within 7 days: Contact the project maintainer for patch availability and timeline; evaluate alternative tools or forked versions with security patches from the community. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-7216 vulnerability details – vuln.today

Back

processing-claude-mcp-bridge CVE-2026-7216

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

processing-claude-mcp-bridge CVE-2026-7216

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code