CVE-2026-7810: Path Traversal in UsamaK98 python-notebook-mcp
A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been published and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
AI Analysis
Technical Summary
A path traversal vulnerability exists in the UsamaK98 python-notebook-mcp project up to commit a05a232815809a7e425b5fa7be26e0d4369894c2. The affected functions create_notebook, read_notebook, edit_cell, and add_cell in server.py improperly handle file paths, enabling remote attackers to traverse directories and access files outside the intended scope. The vulnerability is remotely exploitable without authentication or user interaction. The project employs a rolling release model, so no fixed version is identified, and the vendor has not yet issued a patch or advisory. Exploit code is publicly available, but no active exploitation has been reported.
Potential Impact
Successful exploitation could allow an unauthenticated remote attacker to read or manipulate files on the server by traversing directories beyond the intended notebook storage paths. This could lead to unauthorized disclosure or modification of sensitive data. The CVSS 4.0 score of 6.9 reflects a medium severity impact with low vector complexity and no required privileges or user interaction.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the project has not responded or released a fix, users should monitor the project repository and issue tracker for updates. In the meantime, restricting network access to the affected service and employing file system access controls may reduce exposure.
CVE-2026-7810: Path Traversal in UsamaK98 python-notebook-mcp
Description
A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been published and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
CVSS v4.0
Score 6.9medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
A path traversal vulnerability exists in the UsamaK98 python-notebook-mcp project up to commit a05a232815809a7e425b5fa7be26e0d4369894c2. The affected functions create_notebook, read_notebook, edit_cell, and add_cell in server.py improperly handle file paths, enabling remote attackers to traverse directories and access files outside the intended scope. The vulnerability is remotely exploitable without authentication or user interaction. The project employs a rolling release model, so no fixed version is identified, and the vendor has not yet issued a patch or advisory. Exploit code is publicly available, but no active exploitation has been reported.
Potential Impact
Successful exploitation could allow an unauthenticated remote attacker to read or manipulate files on the server by traversing directories beyond the intended notebook storage paths. This could lead to unauthorized disclosure or modification of sensitive data. The CVSS 4.0 score of 6.9 reflects a medium severity impact with low vector complexity and no required privileges or user interaction.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the project has not responded or released a fix, users should monitor the project repository and issue tracker for updates. In the meantime, restricting network access to the affected service and employing file system access controls may reduce exposure.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-04T21:22:13.227Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f96cc0cbff5d86109c392e
Added to database: 5/5/2026, 4:06:24 AM
Last enriched: 5/12/2026, 6:20:39 AM
Last updated: 6/19/2026, 3:45:21 PM
Views: 67
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.