Skip to main content

notes-mcp EUVDEUVD-2026-25965

| CVE-2026-7212 MEDIUM
Path Traversal (CWE-22)
2026-04-28 VulDB
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

8
CVSS changed
Apr 29, 2026 - 01:12 NVD
6.9 (MEDIUM) 5.5 (MEDIUM)
PoC Detected
Apr 29, 2026 - 01:00 vuln.today
Public exploit code
Analysis Generated
Apr 28, 2026 - 02:30 vuln.today
Severity Changed
Apr 28, 2026 - 02:22 NVD
HIGH MEDIUM
CVSS changed
Apr 28, 2026 - 02:22 NVD
7.3 (HIGH) 6.9 (MEDIUM)
EUVD ID Assigned
Apr 28, 2026 - 02:00 euvd
EUVD-2026-25965
Analysis Generated
Apr 28, 2026 - 02:00 vuln.today
CVE Published
Apr 28, 2026 - 01:15 nvd
MEDIUM 5.5

DescriptionCVE.org

A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notes_mcp.py. The manipulation of the argument root_dir/path leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Path traversal in edvardlindelof notes-mcp up to version 0.1.4 allows remote unauthenticated attackers to read or manipulate files outside the intended directory by manipulating the root_dir or path arguments in notes_mcp.py. The vulnerability has a publicly available exploit and a CVSS score of 6.9, but the vendor has not responded to the early disclosure through issue tracking.

Technical ContextAI

notes-mcp is a Python-based Model Context Protocol (MCP) server implementation that manages note files. The vulnerability exists in notes_mcp.py where user-supplied arguments controlling directory traversal (root_dir and path parameters) are not properly validated before file operations. This is a classic CWE-22 path traversal flaw where insufficient input sanitization allows attackers to use path sequences (such as ../ or absolute paths) to escape the intended base directory and access arbitrary files on the system. The vulnerability operates at the application layer where file I/O operations accept unsanitized path inputs without canonical path resolution or whitelist validation.

RemediationAI

No vendor-released patch identified at time of analysis. Immediately upgrade to a version released after 0.1.4 if available, or consult the GitHub repository at https://github.com/edvardlindelof/notes-mcp/ for security updates. As a compensating control, implement strict input validation on all root_dir and path parameters before file operations by using canonical path resolution (e.g., Python's os.path.realpath() or pathlib.Path.resolve()) and verifying that resolved paths remain within the intended base directory. Additional mitigations include running notes-mcp with minimal file system permissions and restricting network access to the service to trusted clients only using firewall rules or network segmentation. If the service must accept remote connections, implement a WAF or proxy layer that sanitizes path parameters and blocks sequences containing ../ or absolute path prefixes.

Share

EUVD-2026-25965 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy