CVE-2026-8116 | huangjunsen0406 xiaozhi-mcphub up to 1.0.3 dxtController.ts manifest.name path traversal (Issue 29)

A vulnerability has been found in huangjunsen0406 xiaozhi-mcphub up to 1.0.3 and classified as critical. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument manifest.name causes path traversal.

This vulnerability appears as CVE-2026-8116. The attack may be initiated remotely. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More