PT-2026-35649 · Deepractice · Promptx

Brucejin · Published 2026-04-28 · Updated 2026-04-28 · CVE-2026-7217

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions
Deepractice PromptX versions prior to 2.4.0

Description
An absolute path traversal issue exists in the Document File Handler component, in the file packages/mcp-office/src/index.ts. The flaw is triggered by manipulating the path argument of the read docx(), read xlsx(), read pptx(), list xlsx sheets(), or read pdf() functions, and the attack can be carried out remotely.

Recommendations
As a temporary workaround, restrict access to the read docx(), read xlsx(), read pptx(), list xlsx sheets(), and read pdf() functions until a patch is available.
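
One way to apply the workaround in front of an unpatched server, as an added example that is not PromptX code: a filter that blocks MCP `tools/call` requests to the affected tools when the `path` argument is absolute or climbs out of the working directory. The underscore tool names and the policy of accepting only relative paths are assumptions.

```javascript
// Added example, not PromptX code. Tool names are ASSUMED to be the advisory's
// function names written with underscores; adjust them to your deployment.
const GATED_TOOLS = new Set([
  "read_docx", "read_xlsx", "read_pptx", "list_xlsx_sheets", "read_pdf",
]);

// True when a path argument is anything other than a plain relative path:
// POSIX root, Windows drive or UNC prefix, "~", a file: URI, or a ".." segment.
function escapesWorkspace(p) {
  if (typeof p !== "string" || p.length === 0 || p.includes("\0")) return true;
  if (/^[\\/]/.test(p)) return true;       // "/srv/..." or "\\server\share"
  if (/^[A-Za-z]:/.test(p)) return true;   // "C:\..." and drive-relative "C:x"
  if (/^~/.test(p) || /^file:/i.test(p)) return true;
  return p.split(/[\\/]+/).includes("..");
}

// Review one JSON-RPC line on its way to the MCP server; fails closed.
function reviewMcpRequest(line) {
  let msg;
  try {
    msg = JSON.parse(line);
  } catch {
    return { action: "block", reason: "unparseable request" };
  }
  if (Array.isArray(msg)) return { action: "block", reason: "batch not inspected" };
  if (!msg || msg.method !== "tools/call") return { action: "pass", reason: "not a tool call" };
  const { name, arguments: args } = msg.params || {};
  if (!GATED_TOOLS.has(name)) return { action: "pass", reason: "tool not gated" };
  if (escapesWorkspace(args && args.path)) {
    return { action: "block", reason: `${name}: path is absolute or climbs upward` };
  }
  return { action: "pass", reason: "relative path" };
}

// Constructed sample requests (not captured traffic).
const call = (name, path) => JSON.stringify({
  jsonrpc: "2.0", id: 1, method: "tools/call", params: { name, arguments: { path } },
});
const SAMPLE = [
  call("read_docx", "reports/q1.docx"),
  call("read_pdf", "/srv/other-tenant/contract.pdf"),
  call("read_xlsx", "C:\\Users\\alice\\budget.xlsx"),
  call("list_xlsx_sheets", "data/../../ledger.xlsx"),
  call("search_notes", "/tmp/anything"),
];

function reviewAll(lines) {
  return lines.map((l) => reviewMcpRequest(l).action);
}
```

The check is purely lexical and does not resolve symbolic links, so it narrows exposure but is not a substitute for a fixed release.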

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-7217

Affected Products

Promptx