CVE-2026-7728 | ryanjoachim mcp-rtfm 0.1.0 MCP Interface get_doc_content/read_doc/update_doc docFile path traversal

A vulnerability labeled as critical has been found in ryanjoachim mcp-rtfm 0.1.0. This vulnerability affects the function get_doc_content/read_doc/update_doc of the component MCP Interface. Such manipulation of the argument docFile leads to path traversal.

This vulnerability is uniquely identified as CVE-2026-7728. The attack can be launched remotely. Moreover, an exploit is present.

It is best practice to apply a patch to resolve this issue.VulDB Recent EntriesRead More