CVE-2026-7217 | Deepractice PromptX up to 2.4.0 Document File index.ts path absolute path traversal (Issue 571)

A vulnerability, which was classified as critical, was found in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads to absolute path traversal.

This vulnerability is documented as CVE-2026-7217. The attack can be executed remotely. Additionally, an exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More