Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument manifest.name causes path traversal. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Path traversal in xiaozhi-mcphub up to version 1.0.3 allows authenticated remote attackers to access arbitrary files via manipulation of the manifest.name argument in src/controllers/dxtController.ts, with CVSS 6.3 indicating moderate impact to confidentiality, integrity, and availability. Publicly available exploit code exists, and the project maintainer has not yet responded to early disclosure notification.
Technical ContextAI
xiaozhi-mcphub is a Node.js application with TypeScript controllers. The vulnerability resides in dxtController.ts where user-supplied input from the manifest.name parameter is processed without proper sanitization or validation. CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) indicates the application fails to neutralize special path characters such as '..' and '/' that enable directory traversal attacks. An authenticated user can craft requests with path sequences to navigate outside intended directories and access sensitive files on the system. The attack vector is network-based, exploitable by any authenticated user with no special privileges required beyond login.
RemediationAI
Primary remediation is to upgrade xiaozhi-mcphub beyond version 1.0.3 if a patched release becomes available; however, as of the analysis date, no fixed version has been released by the maintainer. Until a patch is available, immediately implement input validation and sanitization in dxtController.ts to remove or reject path traversal sequences ('.', '..', '/', '\') from the manifest.name parameter. Apply a whitelist-based approach to restrict manifest.name to alphanumeric characters, hyphens, and underscores only. Additionally, configure file system access controls to restrict the application's read/write permissions to only the directories it requires, preventing traversal to sensitive system files even if the vulnerability is exploited. Monitor GitHub issue #29 and the project repository for security updates. If the maintainer remains unresponsive, consider forking the project or switching to an actively maintained alternative.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-28473
GHSA-h65h-28xw-w79q