CVE-2026-7599 | Dayoooun hwpx-mcp 0.2.0 MCP Interface mcp-server/src/index.ts save_document/export_to_text/export_to_html output_path path traversal

A vulnerability classified as critical has been found in Dayoooun hwpx-mcp 0.2.0. This affects the function save_document/export_to_text/export_to_html of the file mcp-server/src/index.ts of the component MCP Interface. Performing a manipulation of the argument output_path results in path traversal.

This vulnerability is known as CVE-2026-7599. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More