PT-2026-35828 · Eiceblue · Spire-Pdf-Mcp-Server
Littlew
·
Published
2026-04-28
·
Updated
2026-04-29
·
CVE-2026-7315
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function get pdf path of the file src/spire pdf mcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Spire-Pdf-Mcp-Server