Skip to main content

Hwpx Mcp

1 CVEs product

Monthly

CVE-2026-7599 LOW POC Monitor

Path traversal in Dayoooun hwpx-mcp 0.2.0 allows authenticated remote attackers to manipulate the output_path argument in save_document, export_to_text, and export_to_html functions, enabling arbitrary file write or read operations outside intended directories. The vulnerability affects the MCP Interface component (mcp-server/src/index.ts) with low confidentiality, integrity, and availability impact. Publicly available exploit code exists, and the vendor has not responded to early disclosure.

Path Traversal Hwpx Mcp
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
EPSS 0% CVSS 2.1
LOW POC Monitor

Path traversal in Dayoooun hwpx-mcp 0.2.0 allows authenticated remote attackers to manipulate the output_path argument in save_document, export_to_text, and export_to_html functions, enabling arbitrary file write or read operations outside intended directories. The vulnerability affects the MCP Interface component (mcp-server/src/index.ts) with low confidentiality, integrity, and availability impact. Publicly available exploit code exists, and the vendor has not responded to early disclosure.

Path Traversal Hwpx Mcp
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy