CVE-2026-7404 | getsimpletool mcpo-simple-server up to 0.2.0 base_manager.py delete_shared_prompt detail path traversal

A vulnerability has been found in getsimpletool mcpo-simple-server up to 0.2.0 and classified as critical. Affected is the function delete_shared_prompt of the file src/mcpo_simple_server/services/prompt_manager/base_manager.py. This manipulation of the argument detail causes relative path traversal.

The identification of this vulnerability is CVE-2026-7404. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More