Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function export_state of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Path traversal in the MCP Interface export_state function of ruvnet sublinear-time-solver 1.5.0 allows remote unauthenticated attackers to manipulate file paths, resulting in information disclosure and integrity compromise. Public exploit code is available and the vulnerability has CVSS 6.5 (medium severity) with proof-of-concept publicly disclosed, though the vendor has not yet responded to early notification.
Technical ContextAI
The vulnerability exists in the export_state function within src/consciousness-explorer/mcp/server.js of the MCP (Model Context Protocol) Interface component. Path traversal (CWE-22) occurs when user-supplied input is used to construct file paths without proper validation or sanitization, allowing attackers to traverse directory structures using sequences like '../' to access or modify files outside the intended directory. The MCP server interface likely processes export requests over network protocols, enabling remote exploitation of this path manipulation flaw.
RemediationAI
No vendor-released patch has been identified at time of analysis; the vendor has not responded to early notification despite issue report at https://github.com/ruvnet/sublinear-time-solver/issues/19. Immediate mitigation requires applying strict input validation in the export_state function to reject or sanitize path traversal sequences (../, ..\ and encoded variants like %2e%2e%2f). Implement a whitelist of allowed export directories and use path canonicalization to resolve absolute paths before file operations. Restrict the process running the MCP server to a dedicated, unprivileged user account with minimal filesystem permissions. As a temporary compensating control, disable the export functionality if not critical to operations, or wrap the MCP server with a reverse proxy that validates request paths before forwarding. Monitor the GitHub issue tracker and VulDB for vendor updates, and consider forking the repository to apply patches locally if the vendor does not respond within a defined timeframe.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26799