Skip to main content

mcpo-simple-server CVE-2026-7404

| EUVDEUVD-2026-26288 MEDIUM
Relative Path Traversal (CWE-23)
2026-04-29 VulDB
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

7
Severity Changed
Apr 29, 2026 - 21:22 NVD
HIGH MEDIUM
CVSS changed
Apr 29, 2026 - 21:22 NVD
7.3 (HIGH) 5.5 (MEDIUM)
PoC Detected
Apr 29, 2026 - 21:16 vuln.today
Public exploit code
Analysis Generated
Apr 29, 2026 - 20:57 vuln.today
EUVD ID Assigned
Apr 29, 2026 - 20:45 euvd
EUVD-2026-26288
Analysis Generated
Apr 29, 2026 - 20:45 vuln.today
CVE Published
Apr 29, 2026 - 20:15 nvd
MEDIUM 5.5

DescriptionCVE.org

A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function delete_shared_prompt of the file src/mcpo_simple_server/services/prompt_manager/base_manager.py. This manipulation of the argument detail causes relative path traversal. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Path traversal in mcpo-simple-server 0.2.0 and earlier enables unauthenticated remote attackers to delete arbitrary files via the delete_shared_prompt function. The vulnerability affects the prompt_manager module's base_manager.py file, where improper validation of the 'detail' parameter allows directory traversal sequences. A public proof-of-concept exploit exists (GitHub issue #4), making this an immediate threat to internet-exposed instances. EPSS data not available, but the combination of network exploitability (AV:N), no authentication required (PR:N), and public POC significantly elevates real-world risk despite moderate CVSS 7.3 score. Vendor has not responded to early disclosure.

Technical ContextAI

This is a CWE-23 Relative Path Traversal vulnerability in mcpo-simple-server, a Python-based tool from getsimpletool for managing Model Context Protocol (MCP) prompts. The flaw exists in src/mcpo_simple_server/services/prompt_manager/base_manager.py within the delete_shared_prompt function. The vulnerability stems from insufficient input sanitization on the 'detail' argument, allowing attackers to inject relative path sequences (e.g., '../../../') to escape the intended directory scope. Path traversal vulnerabilities occur when applications fail to properly validate user-supplied file paths before performing filesystem operations, enabling access or manipulation of files outside the designated working directory. The CPE identifier cpe:2.3:a:getsimpletool:mcpo-simple-server indicates all versions through 0.2.0 are affected.

RemediationAI

No official patch has been released by the vendor as of this analysis (RL:X). The vendor was notified early through VulDB submission #803612 and GitHub issue #4 but has not responded. Immediate compensating controls required: (1) Restrict network access to mcpo-simple-server instances using firewall rules or VPN - limit exposure to trusted networks only (trade-off: reduces functionality for distributed teams). (2) Implement web application firewall (WAF) rules to block requests containing path traversal sequences like '../', '..\', URL-encoded variants ('%2e%2e%2f'), and null bytes in the 'detail' parameter (trade-off: may cause false positives if legitimate file names contain these patterns). (3) Deploy file integrity monitoring on systems running mcpo-simple-server to detect unauthorized file deletions (trade-off: detection only, not prevention). (4) If feasible, consider replacing with alternative MCP prompt management solutions or forking the project to implement input validation using path canonicalization and whitelist-based file access controls. Monitor https://github.com/getsimpletool/mcpo-simple-server/ and https://vuldb.com/vuln/360140 for vendor updates. Given vendor silence, plan for long-term migration away from this product.

Share

CVE-2026-7404 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy