Description
A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search_papers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-04-28
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Path Traversal (local file disclosure)
Action: Monitor
AI Analysis

Impact

The flaw is in the search_papers function of src/main.py. By supplying a crafted value for the topic argument, an attacker causes the server to build a filesystem path that still contains directory traversal sequences such as ../, so the file the server opens lies outside its intended directory and its contents may be returned to the caller. The vulnerability can be triggered remotely and exploit code is publicly available.

Affected Systems

The affected product is duartium's papers‑mcp‑server, specifically the version identified by commit 9ceb3812a6458ba7922ca24a7406f8807bc55598. No other vendors or product variants are listed in the CNA data.

Risk and Exploitability

The CVSS v4.0 base score of 6.9 is rated Medium (the v3.1 vector for the same issue scores 7.3, High). The EPSS estimate is below 1%, so the modelled probability of exploitation in the wild is currently low, and the vulnerability is not in the CISA KEV catalog. The public availability of an exploit and the fact that no authentication is required (PR:N) raise the practical risk. An adversary could read files outside the papers directory, limited to what the server's process account can read, which may include configuration files, secrets, or user data.

Generated by OpenCVE AI on April 28, 2026 at 12:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Validate the 'topic' input before it is used to build a file path: reject values containing path separators or '..' rather than stripping them (stripping can be bypassed, e.g. '....//' collapses to '../' after a single removal pass), then canonicalize the final path and confirm it is still inside the papers directory.
  • Run the papers‑mcp‑server process in a confined environment, such as a container or chroot jail with strict file‑system permissions and a dedicated low-privilege account, so that even if traversal succeeds it cannot reach credential files or other sensitive data.
  • Implement monitoring that logs attempts to access disallowed paths and alert administrators when such attempts occur.
  • Check the project's repository for an updated commit that addresses the bug; if a fix becomes available, apply it promptly.
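As an added illustration (not code from the papers-mcp-server project, whose search_papers implementation is not reproduced on this page), the following Python sketch places the unsafe join next to a hardened lookup that implements the first and third recommendations: reject rather than strip, canonicalize and check containment, and log refused attempts. The storage root, the .json file naming and the function names are assumptions made for the example.

```python
import logging
from pathlib import Path

log = logging.getLogger("papers-mcp-server.example")

# Hypothetical storage root for this example; the real project's layout is not known.
PAPERS_ROOT = Path("/srv/papers")


def vulnerable_paper_path(topic: str, root: Path = PAPERS_ROOT) -> Path:
    """Sketch of the unsafe pattern: the caller-controlled topic is joined
    into a filesystem path without any check, so a value such as
    "../../etc/passwd" walks out of the storage root."""
    return root / f"{topic}.json"


def safe_paper_path(topic: str, root: Path = PAPERS_ROOT) -> Path:
    """Hardened lookup: reject anything that is not a single path component,
    then canonicalize and require the result to stay inside root.

    Raises ValueError on traversal, separators, NUL bytes or an empty topic.
    The canonical-path check also catches a symlink inside root that points
    outside it, which a purely lexical filter would miss."""
    if not topic or "\x00" in topic:
        raise ValueError("empty topic or NUL byte")
    # A valid topic is exactly one path component: no "/", "\\", "." or "..".
    if "/" in topic or "\\" in topic or topic in (".", ".."):
        raise ValueError("topic must be a single path component")
    root_real = root.resolve()
    candidate = (root_real / f"{topic}.json").resolve()
    if root_real not in candidate.parents:
        raise ValueError("resolved path escapes the papers root")
    return candidate


def is_traversal_attempt(topic: str, root: Path = PAPERS_ROOT) -> bool:
    """Returns True when safe_paper_path would refuse the topic, logging the
    refusal so the attempt is visible to monitoring."""
    try:
        safe_paper_path(topic, root)
    except ValueError as exc:
        log.warning("rejected topic %r: %s", topic, exc)
        return True
    return False


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    # Constructed inputs: one benign topic and three traversal attempts.
    for t in ("quantum-computing", "../../etc/passwd", "sub/dir", ".."):
        print(f"{t!r:24} unsafe -> {vulnerable_paper_path(t)}  "
              f"rejected={is_traversal_attempt(t)}")
```

The containment test compares canonical paths, so it does not depend on spotting every spelling of "..": whatever the input, the opened file must have the resolved papers root as an ancestor or the request is refused and logged.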


Advisories

No advisories yet.

History

Tue, 28 Apr 2026 09:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Duartium; Duartium papers-mcp-server

Type: Vendors & Products
Values Removed: (none)
Values Added: Duartium; Duartium papers-mcp-server

Tue, 28 Apr 2026 01:15:00 +0000

Type: Description
Values Added: A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search_papers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Type: Title
Values Added: duartium papers-mcp-server main.py search_papers path traversal

Type: Weaknesses
Values Added: CWE-22

Type: References
Values Added:

Type: Metrics
Values Added:
cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-28T14:34:29.738Z

Reserved: 2026-04-27T14:02:16.278Z

Link: CVE-2026-7205

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-04-28T01:16:01.970

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-7205

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T12:45:31Z

Weaknesses