Search
Find a vulnerability
Search criteria
2 vulnerabilities by puchunjie
CVE-2026-7738 (GCVE-0-2026-7738)
Vulnerability from nvd – Published: 2026-05-04 06:00 – Updated: 2026-05-05 19:02
VLAI
EPSS
VEX
Title
puchunjie doc-tools-mcp MCP mcp-server.ts open_document path traversal
Summary
A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Path Traversal
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360913 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360913/cti | signaturepermissions-required |
| https://vuldb.com/submit/807642 | third-party-advisory |
| https://github.com/puchunjie/doc-tools-mcp/issues/4 | issue-tracking |
| https://github.com/BruceJqs/public_exp/issues/38 | exploitissue-tracking |
| https://github.com/puchunjie/doc-tools-mcp/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| puchunjie | doc-tools-mcp |
Affected:
1.0.18
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7738",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T18:39:18.279288Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T19:02:30.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/puchunjie/doc-tools-mcp/issues/4"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"MCP Interface"
],
"product": "doc-tools-mcp",
"vendor": "puchunjie",
"versions": [
{
"status": "affected",
"version": "1.0.18"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "BruceJqs (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T06:00:17.307Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360913 | puchunjie doc-tools-mcp MCP mcp-server.ts open_document path traversal",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360913"
},
{
"name": "VDB-360913 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360913/cti"
},
{
"name": "Submit #807642 | puchunjie @puchunjie/doc-tools-mcp 1.0.18, Commit c96df45a16710a3eec41a7a94c32b81468db28ea Path Traversal",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/807642"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/puchunjie/doc-tools-mcp/issues/4"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/BruceJqs/public_exp/issues/38"
},
{
"tags": [
"product"
],
"url": "https://github.com/puchunjie/doc-tools-mcp/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-03T18:24:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "puchunjie doc-tools-mcp MCP mcp-server.ts open_document path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7738",
"datePublished": "2026-05-04T06:00:17.307Z",
"dateReserved": "2026-05-03T16:19:25.125Z",
"dateUpdated": "2026-05-05T19:02:30.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7738 (GCVE-0-2026-7738)
Vulnerability from cvelistv5 – Published: 2026-05-04 06:00 – Updated: 2026-05-05 19:02
VLAI
EPSS
VEX
Title
puchunjie doc-tools-mcp MCP mcp-server.ts open_document path traversal
Summary
A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Path Traversal
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360913 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360913/cti | signaturepermissions-required |
| https://vuldb.com/submit/807642 | third-party-advisory |
| https://github.com/puchunjie/doc-tools-mcp/issues/4 | issue-tracking |
| https://github.com/BruceJqs/public_exp/issues/38 | exploitissue-tracking |
| https://github.com/puchunjie/doc-tools-mcp/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| puchunjie | doc-tools-mcp |
Affected:
1.0.18
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7738",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T18:39:18.279288Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T19:02:30.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/puchunjie/doc-tools-mcp/issues/4"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"MCP Interface"
],
"product": "doc-tools-mcp",
"vendor": "puchunjie",
"versions": [
{
"status": "affected",
"version": "1.0.18"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "BruceJqs (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T06:00:17.307Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360913 | puchunjie doc-tools-mcp MCP mcp-server.ts open_document path traversal",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360913"
},
{
"name": "VDB-360913 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360913/cti"
},
{
"name": "Submit #807642 | puchunjie @puchunjie/doc-tools-mcp 1.0.18, Commit c96df45a16710a3eec41a7a94c32b81468db28ea Path Traversal",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/807642"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/puchunjie/doc-tools-mcp/issues/4"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/BruceJqs/public_exp/issues/38"
},
{
"tags": [
"product"
],
"url": "https://github.com/puchunjie/doc-tools-mcp/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-03T18:24:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "puchunjie doc-tools-mcp MCP mcp-server.ts open_document path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7738",
"datePublished": "2026-05-04T06:00:17.307Z",
"dateReserved": "2026-05-03T16:19:25.125Z",
"dateUpdated": "2026-05-05T19:02:30.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}