Skip to main content

Doc Tools Mcp

1 CVEs product

Monthly

CVE-2026-7738 npm LOW POC Monitor

Path traversal in puchunjie doc-tools-mcp 1.0.18 MCP Interface allows authenticated remote attackers to access arbitrary files on the system via manipulation of the filePath argument in create_document and open_document functions. The vulnerability has a low CVSS score (2.1) due to authentication requirements and limited confidentiality impact, but publicly available exploit code exists. The vendor has not responded to the early disclosure.

Path Traversal Doc Tools Mcp
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
EPSS 0% CVSS 2.1
LOW POC Monitor

Path traversal in puchunjie doc-tools-mcp 1.0.18 MCP Interface allows authenticated remote attackers to access arbitrary files on the system via manipulation of the filePath argument in create_document and open_document functions. The vulnerability has a low CVSS score (2.1) due to authentication requirements and limited confidentiality impact, but publicly available exploit code exists. The vendor has not responded to the early disclosure.

Path Traversal Doc Tools Mcp
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy