Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A vulnerability has been found in c-rick jimeng-mcp 1.10.0. Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts. The manipulation of the argument filePath leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Analysis (AI)
Path traversal in jimeng-mcp 1.10.0 allows low-privileged remote attackers to read and write files outside the intended directory by supplying crafted filePath arguments to four distinct API functions: getFileContent, uploadCoverFile, generateImage, and generateVideo in src/api.ts. A publicly available proof-of-concept exploit exists, disclosed via GitHub issue #15, though EPSS at 0.04% (13th percentile) indicates minimal observed mass-exploitation activity to date. …
Vulnerability Assessment (AI)
| Exploitation | Exploitation requires low-privilege authenticated access to the jimeng-mcp API, confirmed by the PR:L designation in the CVSS 4.0 vector - an attacker must hold valid credentials or a session token for the service. … |
| Risk Assessment | CVSS 4.0 scores this at 2.1, reflecting low-magnitude confidentiality, integrity, and availability impacts (VC:L/VI:L/VA:L) with no scope change (SC:N), indicating the vulnerability cannot propagate beyond the affected component's security boundary. … |
| Exploit Scenario | An attacker with low-privilege credentials to a jimeng-mcp 1.10.0 instance sends a crafted API request to the getFileContent endpoint with a filePath value such as ../../../../etc/passwd or a path targeting application secrets outside the working directory. Because the filePath argument is not sanitized before use in file system operations, the server resolves the traversal and returns the content of the targeted file. … |
| Remediation | No vendor-released patch has been identified at time of analysis; the maintainer has not responded to the disclosure submitted via GitHub issue #15 (https://github.com/c-rick/jimeng-mcp/issues/15). … |
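With no patch available, the missing control is a containment check on filePath before any file system call. The following is an added example, not code from jimeng-mcp or its maintainer: `resolveInside`, `isWithin`, `lexists`, `demo` and the `uploads` directory are hypothetical names, and the sample files are constructed in a temporary directory.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Hypothetical helpers, not taken from jimeng-mcp's src/api.ts.
// True when target is root itself or lies below it (lexical comparison only).
function isWithin(root: string, target: string): boolean {
  const rel = path.relative(root, target);
  return rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel);
}

function lexists(p: string): boolean {
  try { fs.lstatSync(p); return true; } catch { return false; }
}

// Returns the canonical path for a caller-supplied filePath, or null when it
// would leave baseDir through "..", an absolute path, or a symlink.
export function resolveInside(baseDir: string, filePath: string): string | null {
  if (filePath.length === 0 || filePath.includes("\0")) return null;
  const root = fs.realpathSync(baseDir);
  const candidate = path.resolve(root, filePath); // an absolute filePath replaces root here
  if (!isWithin(root, candidate)) return null;
  // Canonicalise the deepest existing ancestor so a link inside root cannot lead
  // outside, while still allowing paths that do not exist yet (upload targets).
  let existing = candidate;
  while (!lexists(existing)) existing = path.dirname(existing);
  let real: string;
  try { real = fs.realpathSync(existing); } catch { return null; } // dangling symlink
  if (!isWithin(root, real)) return null;
  return path.join(real, path.relative(existing, candidate));
}

// Constructed sandbox: <tmp>/uploads is the allowed directory, <tmp>/secret.txt is outside it.
export function demo(): Record<string, string | null> {
  const tmp = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), "pathcheck-")));
  const base = path.join(tmp, "uploads");
  fs.mkdirSync(base);
  fs.writeFileSync(path.join(base, "cover.png"), "constructed sample");
  fs.writeFileSync(path.join(tmp, "secret.txt"), "constructed sample");
  fs.symlinkSync(tmp, path.join(base, "link")); // link inside base that points outside it
  const inputs = ["cover.png", "new/out.png", "../../../../etc/passwd", "/etc/passwd", "link/secret.txt"];
  const out: Record<string, string | null> = { base };
  for (const p of inputs) out[p] = resolveInside(base, p);
  fs.rmSync(tmp, { recursive: true, force: true });
  return out;
}
```

A handler would pass the returned path, never the raw argument, to the read or write call and reject the request when the result is null.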
EUVD-2026-31706
GHSA-rf4q-8q48-538j