CVE-2026-7738— puchunjie doc-tools-mcp MCP mcp-server.ts open_document path traversal

puchunjie doc-tools-mcp MCP mcp-server.ts open_document path traversal

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

对路径名的限制不恰当(路径遍历)

Word Tools MCP Server 路径遍历漏洞

Word Tools MCP Server是jeremy Pu个人开发者的一个AI驱动的Word文档操作工具。 Word Tools MCP Server 1.0.18版本存在路径遍历漏洞，该漏洞源于组件MCP Interface中文件src/mcp-server.ts的函数create_document/open_document对参数filePath操作导致路径遍历，攻击者可远程执行攻击。

N/A

N/A