Skip to main content

Xiaozhi Mcphub

1 CVEs product

Monthly

CVE-2026-8116 LOW POC Monitor

Path traversal in xiaozhi-mcphub up to version 1.0.3 allows authenticated remote attackers to access arbitrary files via manipulation of the manifest.name argument in src/controllers/dxtController.ts, with CVSS 6.3 indicating moderate impact to confidentiality, integrity, and availability. Publicly available exploit code exists, and the project maintainer has not yet responded to early disclosure notification.

Path Traversal Xiaozhi Mcphub
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.1%
EPSS 0% CVSS 2.1
LOW POC Monitor

Path traversal in xiaozhi-mcphub up to version 1.0.3 allows authenticated remote attackers to access arbitrary files via manipulation of the manifest.name argument in src/controllers/dxtController.ts, with CVSS 6.3 indicating moderate impact to confidentiality, integrity, and availability. Publicly available exploit code exists, and the project maintainer has not yet responded to early disclosure notification.

Path Traversal Xiaozhi Mcphub
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy