CVE-2026-8116

Name of the Vulnerable Software and Affected Versions huangjunsen0406 xiaozhi-mcphub versions prior to 1.0.4

Description A path traversal issue exists in the src/controllers/dxtController.ts file. A remote attacker can exploit this by manipulating the manifest.name argument, allowing unauthorized access to files or directories outside the intended folder.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.