CVE-2026-7314 - Vulnerability Details

- eiceblue spire-doc-mcp-server base.py get_doc_path path traversal

Description

A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function get_doc_path of the file src/spire_doc_mcp/api/base.py. Performing a manipulation of the argument document_name results in path traversal. The attack can be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Published: 2026-04-28

Score: 6.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw resides in the get_doc_path function of eiceblue spire-doc-mcp-server version 1.0.0 and allows an attacker to manipulate the document_name argument to perform a path traversal. This vulnerability is categorized as CWE‑22 and can be triggered remotely, potentially enabling the attacker to read or disclose sensitive files on the file system where the server is running. The impact is primarily a breach of confidentiality, and the attacker may gain access to arbitrary files within the server’s directory structure.

Affected Systems

The affected product is eiceblue spire-doc-mcp-server, currently at release 1.0.0. No other versions or products are listed as impacted.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, while the EPSS score is not available. The vulnerability has not been listed in CISA’s KEV catalog. Attackers can remotely trigger the traversal by supplying a crafted document_name value. Since the server processes the input without sanitization, the path traversal path can be constructed to reference files outside the intended directory. The lack of input validation and limited access controls make exploitation likely if the attacker can reach the service.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

eiceblue

spire-doc-mcp-server

affected

Version	Status	Constraints
`1.0.0`	affected	—

No data.

Vendor Product Confidence Versions

Eiceblue

Spire-doc-mcp-server

100%

Version	Status	Scheme	Platform
`1.0.0`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply a vendor-provided patch or upgrade to a fixed version of spire-doc-mcp-server if one is available.
Restrict network access to the spire-doc-mcp-server instance, allowing only trusted hosts or IP ranges to reach the service.
Implement input validation on the document_name parameter, rejecting traversal sequences such as ".." or absolute path separators, and enforce that accessed files remain within the intended directory.

Generated by OpenCVE AI on April 29, 2026 at 01:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00046.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/eiceblue/spire-doc-mcp-server/
https://github.com/eiceblue/spire-doc-mcp-server/issues/1
https://vuldb.com/submit/803080
https://vuldb.com/vuln/359962
https://vuldb.com/vuln/359962/cti

History

Wed, 29 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 29 Apr 2026 10:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Eiceblue Eiceblue spire-doc-mcp-server
Vendors & Products		Eiceblue Eiceblue spire-doc-mcp-server

Tue, 28 Apr 2026 22:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function get_doc_path of the file src/spire_doc_mcp/api/base.py. Performing a manipulation of the argument document_name results in path traversal. The attack can be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Title		eiceblue spire-doc-mcp-server base.py get_doc_path path traversal
Weaknesses		CWE-22
References		https://github.com/eiceblue/spire-doc-mcp-server/ https://github.com/eiceblue/spire-doc-mcp-server/issues/1 https://vuldb.com/submit/803080 https://vuldb.com/vuln/359962 https://vuldb.com/vuln/359962/cti
Metrics		cvssV2_0 `{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Eiceblue Spire-doc-mcp-server

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-04-28T19:45:14.013Z

Updated: 2026-04-29T13:59:04.051Z

Reserved: 2026-04-28T13:00:08.756Z

Link: CVE-2026-7314

Vulnrichment

Updated: 2026-04-29T13:58:42.499Z

NVD

Status : Deferred

Published: 2026-04-28T22:16:51.223

Modified: 2026-04-29T21:16:21.590

Link: CVE-2026-7314

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T10:10:27Z

Weaknesses

CWE-22

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object