PT-2026-35532 · Unknown · Mkdocs-Mcp-Plugin
Smallw
·
Published
2026-04-27
·
Updated
2026-04-28
·
CVE-2026-7159
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
douinc mkdocs-mcp-plugin versions prior to 0.4.2
Description
A path traversal issue exists in the
read document() and list documents() functions within the server.py file. A remote attacker can exploit this by manipulating the docs dir or file path arguments to access files outside the intended directory.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
As a temporary workaround, restrict access to the
read document() and list documents() functions to minimize the risk of exploitation.Exploit
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mkdocs-Mcp-Plugin