Skip to main content

Mcpo Simple Server

1 CVEs product

Monthly

CVE-2026-7404 PyPI MEDIUM POC This Month

Path traversal in mcpo-simple-server 0.2.0 and earlier enables unauthenticated remote attackers to delete arbitrary files via the delete_shared_prompt function. The vulnerability affects the prompt_manager module's base_manager.py file, where improper validation of the 'detail' parameter allows directory traversal sequences. A public proof-of-concept exploit exists (GitHub issue #4), making this an immediate threat to internet-exposed instances. EPSS data not available, but the combination of network exploitability (AV:N), no authentication required (PR:N), and public POC significantly elevates real-world risk despite moderate CVSS 7.3 score. Vendor has not responded to early disclosure.

Path Traversal Mcpo Simple Server
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Path traversal in mcpo-simple-server 0.2.0 and earlier enables unauthenticated remote attackers to delete arbitrary files via the delete_shared_prompt function. The vulnerability affects the prompt_manager module's base_manager.py file, where improper validation of the 'detail' parameter allows directory traversal sequences. A public proof-of-concept exploit exists (GitHub issue #4), making this an immediate threat to internet-exposed instances. EPSS data not available, but the combination of network exploitability (AV:N), no authentication required (PR:N), and public POC significantly elevates real-world risk despite moderate CVSS 7.3 score. Vendor has not responded to early disclosure.

Path Traversal Mcpo Simple Server
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy