Description
A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-04
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A path traversal vulnerability exists in the open_document handler of doc-tools-mcp 1.0.18 that allows an attacker to supply a crafted file path and read files outside of the intended directory. This can expose confidential data such as configuration files or logs. The flaw uses a standard traversal technique covered by CWE‑22.

Affected Systems

The product affected is puchunjie:doc-tools-mcp; the vulnerable version is 1.0.18. No other versions are listed, so the known risk begins with that release.

Risk and Exploitability

The CVSS score of 5.3 points to medium severity. No EPSS data is available and the vulnerability is not in the KEV catalog yet, but public code to exploit the flaw has already appeared. The attack can be launched remotely through the exposed MCP service. While the impact is primarily confidentiality, any access to sensitive files could also lead to further compromises.

Generated by OpenCVE AI on May 4, 2026 at 07:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a newer release of doc-tools-mcp once the vendor releases a fix
  • Restrict network access to the MCP service, limiting connections to trusted hosts only
  • Disable or remove the open_document endpoint if possible, or implement strict input validation that rejects relative or absolute paths
  • Monitor file access logs for anomalous requests and block suspicious activity
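The input-validation recommendation above can be implemented as a containment check on the filePath argument. The following is an added example, not code from doc-tools-mcp: resolveInsideRoot, docRoot (an assumed operator-configured document directory) and the demo inputs are hypothetical names and constructed values.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Throws unless `target` is `root` itself or lies beneath it.
function assertContained(root: string, target: string): void {
  const rel = path.relative(root, target);
  if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new Error("path escapes the document root");
  }
}
// lstat-based: a dangling symlink counts as existing, so it is canonicalised.
function exists(p: string): boolean {
  try { fs.lstatSync(p); return true; } catch { return false; }
}
// Hypothetical helper, not doc-tools-mcp code: map a client-supplied filePath
// to a location under docRoot (an assumed, operator-configured directory).
function resolveInsideRoot(docRoot: string, filePath: unknown): string {
  if (typeof filePath !== "string" || filePath === "" || filePath.includes("\0")) {
    throw new Error("filePath must be a non-empty string without NUL bytes");
  }
  if (path.isAbsolute(filePath) || path.win32.isAbsolute(filePath)) {
    throw new Error("absolute paths are not accepted");
  }
  const root = fs.realpathSync(docRoot);
  const candidate = path.resolve(root, filePath);
  assertContained(root, candidate); // lexical check: catches ../ sequences
  // A create_document target may not exist yet, so canonicalise the deepest
  // existing ancestor; this catches a symlink under docRoot that points out.
  let existing = candidate;
  while (!exists(existing)) existing = path.dirname(existing);
  const real = fs.realpathSync(existing);
  assertContained(root, real);
  return path.join(real, path.relative(existing, candidate));
}
// Constructed demo: a temp tree containing a symlink that leaves the root.
function demo(): Record<string, string> {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "docroot-"));
  const root = path.join(base, "docs");
  fs.mkdirSync(root);
  fs.symlinkSync(base, path.join(root, "up"));
  const out: Record<string, string> = {};
  for (const p of ["reports/q1.docx", "../secret.docx", "/etc/passwd", "up/x.docx"]) {
    try { out[p] = path.relative(fs.realpathSync(root), resolveInsideRoot(root, p)); }
    catch { out[p] = "REJECTED"; }
  }
  return out;
}
```

A handler would call the helper before any file operation and pass only the returned path to the file APIs.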



Advisories

No advisories yet.

History

Mon, 04 May 2026 16:15:00 +0000

Type: First Time appeared
Values Added: Puchunjie; Puchunjie doc-tools-mcp

Type: Vendors & Products
Values Added: Puchunjie; Puchunjie doc-tools-mcp

Mon, 04 May 2026 06:45:00 +0000

Type: Description
Values Added: A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Type: Title
Values Added: puchunjie doc-tools-mcp MCP mcp-server.ts open_document path traversal

Type: Weaknesses
Values Added: CWE-22

Type: References

Type: Metrics
Values Added:

cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-04T06:00:17.307Z

Reserved: 2026-05-03T16:19:25.125Z

Link: CVE-2026-7738

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-05-04T07:16:01.873

Modified: 2026-05-04T15:17:58.710

Link: CVE-2026-7738

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T16:06:04Z

Weaknesses