PT-2026-36781 · Unknown · Doc-Tools-Mcp

Brucejqs · Published 2026-05-04 · Updated 2026-05-04 · CVE-2026-7738

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

puchunjie doc-tools-mcp version 1.0.18

Description

A path traversal flaw exists in the MCP Interface component within the file src/mcp-server.ts. Remote attackers can exploit this by manipulating the filePath argument used in the create_document() and open_document() functions. Path traversal is a technique that allows an attacker to access files and directories outside the intended folder by using special character sequences.

Recommendations

As a temporary workaround, restrict or validate the filePath argument used in the create_document() and open_document() functions to prevent unauthorized directory access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
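
One way to apply the filePath restriction recommended above, as an added example that is not code from doc-tools-mcp: the helpers `lexists`, `resolveInside` and `demo`, and the idea of a single allowed document root, are assumptions made for illustration. It goes slightly beyond `../` sequences by also covering absolute paths and symlinked directories.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// True if the path exists, without following a final symlink.
function lexists(p: string): boolean {
  try { fs.lstatSync(p); return true; } catch { return false; }
}

// Hypothetical helper: map a client-supplied filePath onto a location under
// `root`, or throw if it would land anywhere else.
function resolveInside(root: string, filePath: string): string {
  if (filePath.length === 0 || filePath.indexOf("\0") !== -1) {
    throw new Error("invalid filePath");
  }
  const realRoot = fs.realpathSync(root);
  // Absolute inputs replace the base in path.resolve(), so the containment
  // check below must run on the result, never on the raw string.
  let existing = path.resolve(realRoot, filePath);
  const tail: string[] = [];
  // A document being created does not exist yet: canonicalize the deepest
  // existing ancestor so a symlinked directory cannot redirect the write.
  while (!lexists(existing)) {
    tail.unshift(path.basename(existing));
    existing = path.dirname(existing);
  }
  const resolved = path.join(fs.realpathSync(existing), ...tail);
  const rel = path.relative(realRoot, resolved);
  if (rel === "" || rel === ".." || rel.indexOf(".." + path.sep) === 0 || path.isAbsolute(rel)) {
    throw new Error("filePath escapes the document root");
  }
  return resolved;
}

// Constructed inputs, checked against a throwaway root directory.
// Returns one boolean per input: true = accepted, false = rejected.
function demo(): boolean[] {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "docroot-"));
  fs.mkdirSync(path.join(root, "reports"));
  fs.symlinkSync(os.tmpdir(), path.join(root, "link"));
  const inputs = ["reports/q1.docx", "new/dir/a.docx", "../outside.docx",
    "reports/../../outside.docx", path.join(os.tmpdir(), "abs.docx"), "link/x.docx"];
  const results = inputs.map((p) => {
    try { resolveInside(root, p); return true; } catch { return false; }
  });
  fs.rmSync(root, { recursive: true, force: true });
  return results;
}
```

A check of this kind only helps if both the create and the open handlers pass the returned path, not the original argument, to the file system calls.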

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2026-7738
GHSA-GCMM-C94J-J47X

Affected Products

Doc-Tools-Mcp