CVE-2026-7738 | puchunjie doc-tools-mcp 1.0.18 MCP Interface src/mcp-server.ts create_document/open_document filePath path traversal

A vulnerability was found in puchunjie doc-tools-mcp 1.0.18. It has been declared as critical. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal.

This vulnerability is reported as CVE-2026-7738. The attack can be launched remotely. Moreover, an exploit is present.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More