PT-2026-35828 · Eiceblue · Spire-Pdf-Mcp-Server

Littlew

Publicado

2026-04-28

Atualizado

2026-04-29

CVE-2026-7315

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function get pdf path of the file src/spire pdf mcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2026-7315

Produtos afetados

Spire-Pdf-Mcp-Server

PT-2026-35828 · Eiceblue · Spire-Pdf-Mcp-Server

CVE-2026-7315

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8