Description
A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the functions read_document and list_documents in the file server.py. Manipulating the docs_dir or file_path argument results in path traversal. The attack can be carried out remotely. The exploit has been made public and could be used. The vendor confirms that the "fix will be published within a few days."
Published: 2026-04-27
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote File Access via Directory Traversal
Action: Patch Now
AI Analysis

Impact

The vulnerability is in the read_document and list_documents functions of server.py in mkdocs-mcp-plugin. The docs_dir and file_path arguments are used to build filesystem paths without confining the result to the intended documentation directory, so a remote caller can supply traversal sequences, or an attacker-chosen docs_dir, to read files and enumerate directories outside that directory. The practical effect is disclosure of arbitrary readable files on the host, compromising confidentiality.

Affected Systems

The issue affects douinc mkdocs-mcp-plugin versions up to and including 0.4.1. No fixed release has been published yet, so every current installation is affected.

Risk and Exploitability

The CVSS 4.0 base score of 6.9 (7.3 under CVSS 3.x) indicates moderate severity. The EPSS estimate is below 1%, but a public exploit already exists, so exploitation is feasible for anyone who can reach the server. It is not listed in CISA KEV. An attacker triggers the flaw from the network by calling read_document or list_documents with crafted docs_dir or file_path values, escaping the intended documentation directory.

Generated by OpenCVE AI on April 28, 2026 at 12:49 UTC.

Remediation

No vendor fix or workaround has been published yet; the vendor has stated that a fix will be released within a few days.

OpenCVE Recommended Actions

  • Apply the vendor-published patch once it becomes available (upgrade to a version newer than 0.4.1).
  • If upgrading immediately is not possible, restrict network access to the server or disable the read_document and list_documents functions.
  • Alternatively, resolve every requested path against a fixed, server-side documentation root (never a caller-supplied docs_dir) and reject any request whose canonical path falls outside that root. Merely rejecting strings that contain '..' or absolute paths is not sufficient on its own: a symlink inside the docs directory, or a '..' segment combined with a legitimate prefix, still reaches files outside it, and only canonicalisation of the joined path catches both.


Advisories

Source: GitHub GHSA
ID: GHSA-wfr3-hf93-qgg3
Title: mkdocs-mcp-plugin has a Path Traversal issue
History

Both entries add values only; nothing was removed.

Tue, 28 Apr 2026 09:45:00 +0000

Type: First Time appeared
Values Added: Douinc; Douinc mkdocs-mcp-plugin

Type: Vendors & Products
Values Added: Douinc; Douinc mkdocs-mcp-plugin

Mon, 27 Apr 2026 21:45:00 +0000

Type: Description
Values Added: A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the functions read_document and list_documents in the file server.py. Manipulating the docs_dir or file_path argument results in path traversal. The attack can be carried out remotely. The exploit has been made public and could be used. The vendor confirms that the "fix will be published within a few days."

Type: Title
Values Added: douinc mkdocs-mcp-plugin server.py list_documents path traversal

Type: Weaknesses
Values Added: CWE-22

Type: References
Values Added: (empty)

Type: Metrics
Values Added:
cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:C'}
cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C'}
cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C'}
cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-04-28T12:49:01.319Z
Reserved: 2026-04-26T20:16:29.785Z
Link: CVE-2026-7159

Vulnrichment

No data.

NVD

Status: Deferred
Published: 2026-04-27T22:16:18.480
Modified: 2026-04-29T01:00:01.613
Link: CVE-2026-7159

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T13:00:15Z

Weaknesses