CVE-2026-7645

Name of the Vulnerable Software and Affected Versions ruvnet sublinear-time-solver version 1.5.0

Description A path traversal issue exists in the MCP Interface component. A remote attacker can manipulate the export state() function within the src/consciousness-explorer/mcp/server.js file to access files and directories outside the intended folder. Path traversal is a technique that allows an attacker to read or write files on the server by manipulating file paths.

Recommendations As a temporary workaround, restrict access to the export state() function in the MCP Interface until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.