CVE-2026-7205

Name of the Vulnerable Software and Affected Versions duartium papers-mcp-server version 9ceb3812a6458ba7922ca24a7406f8807bc55598

Description A path traversal issue exists in the search papers() function within the src/main.py file. This occurs when the topic argument is manipulated, allowing a remote attacker to access files and directories outside the intended folder.

Recommendations As a temporary workaround, restrict or validate the input for the topic argument in the search papers() function to prevent path traversal. At the moment, there is no information about a newer version that contains a fix for this vulnerability.