CVE-2026-7314: Path Traversal in eiceblue spire-doc-mcp-server
CVE-2026-7314 is a path traversal vulnerability in eiceblue spire-doc-mcp-server version 1.0.0. It affects the get_doc_path function in the src/spire_doc_mcp/api/base.py file, allowing remote attackers to manipulate the document_name argument to traverse directories. The vulnerability has a CVSS 4.0 base score of 6.9, indicating medium severity. The issue was reported to the project early, but no response or patch has been provided yet. Exploit code is publicly available, though no known exploitation in the wild has been confirmed.
AI Analysis
Technical Summary
This vulnerability in eiceblue spire-doc-mcp-server 1.0.0 allows an unauthenticated remote attacker to perform path traversal by manipulating the document_name parameter in the get_doc_path function. This can lead to unauthorized access to files outside the intended directory. The vulnerability is confirmed and publicly disclosed with a CVSS 4.0 score of 6.9 (medium severity). No official fix or remediation guidance has been published by the vendor as of the latest information.
Potential Impact
Successful exploitation could allow an attacker to read arbitrary files on the server by traversing directories via the manipulated document_name argument. This may lead to information disclosure depending on the server's file permissions and contents accessible to the application process. There is no evidence of known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded or released a fix, users should consider implementing temporary mitigations such as input validation or restricting access to the affected service until an official patch is available.
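One way to implement the input-validation mitigation, as an added example that is not code from spire-doc-mcp-server: the page does not show the real get_doc_path, so `resolve_document_path`, `UnsafeDocumentName` and the sample file names are hypothetical. It resolves the requested name against the document directory and rejects anything that ends up outside it, including absolute names and symlinks.

```python
import os
import tempfile
from pathlib import Path


class UnsafeDocumentName(ValueError):
    """The requested name resolves outside the document directory."""


def resolve_document_path(base_dir, document_name):
    """Hypothetical containment check; not the project's get_doc_path."""
    if not document_name or "\x00" in document_name:
        raise UnsafeDocumentName("empty name or embedded NUL byte")
    base = Path(base_dir).resolve(strict=True)
    # An absolute document_name replaces base in the join, and '..' segments
    # climb out of it, so validate the resolved result, not the raw string.
    candidate = (base / document_name).resolve()
    try:
        # resolve() also follows symlinks, so a link inside base that points
        # elsewhere fails this containment test too.
        relative = candidate.relative_to(base)
    except ValueError:
        raise UnsafeDocumentName(f"{document_name!r} escapes {base}") from None
    if not relative.parts:  # the name resolved to the directory itself
        raise UnsafeDocumentName("name does not identify a file")
    return candidate


def demo():
    """Check constructed names against a throwaway directory tree."""
    names = ["report.docx", "sub/new.docx", "../secret.txt",
             "a/../../secret.txt", "/etc/passwd", "link.docx", "."]
    results = {}
    with tempfile.TemporaryDirectory() as root:
        docs = Path(root, "docs")
        docs.mkdir()
        (docs / "report.docx").write_bytes(b"")
        (Path(root) / "secret.txt").write_text("outside the document dir")
        os.symlink(Path(root) / "secret.txt", docs / "link.docx")
        for name in names:
            try:
                resolve_document_path(docs, name)
                results[name] = "allowed"
            except UnsafeDocumentName:
                results[name] = "rejected"
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:8} {name}")
```

The check only holds if every file access goes through the returned path; opening the original `document_name` string afterwards bypasses it.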
CVSS v4.0
Score: 6.9 (medium)
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-04-28T13:00:08.756Z
- Cvss Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69f1649ccbff5d861047ebfc
Added to database: 4/29/2026, 1:53:32 AM
Last enriched: 5/6/2026, 2:17:18 AM
Last updated: 6/12/2026, 7:14:00 PM