PT-2026-36551 · Hwpx-Mcp · Hwpx-Mcp
Eternity
·
Published
2026-05-01
·
Updated
2026-05-01
·
CVE-2026-7599
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Dayoooun hwpx-mcp version 0.2.0
Description
A path traversal issue exists in the MCP Interface component within the file mcp-server/src/index.ts. Manipulation of the
output path argument in the functions save document(), export to text(), and export to html() allows for remote exploitation.Recommendations
As a temporary workaround, restrict or avoid using the
output path argument in the save document(), export to text(), and export to html() functions until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hwpx-Mcp