Executive Summary

CVE-2026-7205 is a path traversal vulnerability in the duartium papers-mcp-server project, specifically in the function search_papers within src/main.py.

The vulnerability occurs because the 'topic' argument is used to build a filesystem path without proper filtering or normalization, allowing an attacker to manipulate the path to access or create files outside the intended directory.

An attacker can supply a specially crafted topic string containing directory traversal sequences (like '../') to cause the server to create or overwrite arbitrary JSON files outside the designated papers directory.

This can be exploited remotely and the exploit is publicly available.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by allowing an attacker to create or overwrite arbitrary JSON files on the server filesystem outside the intended workspace.

The security impact includes a medium confidentiality risk because the attacker might read existing JSON content, a high integrity risk due to arbitrary file creation or modification, and a low to medium availability risk depending on the importance of the overwritten files or directories.

If exploited, it could lead to unauthorized data manipulation, potential data corruption, or disruption of service functionality.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring for unusual or unauthorized calls to the search_papers function with path traversal payloads in the topic parameter.

A proof-of-concept involves sending a JSON-RPC request to the MCP server invoking search_papers with a topic containing directory traversal sequences such as "../../../../tmp/papers_poc".

To detect exploitation attempts, you can check server logs for requests containing suspicious topic values with '../' or absolute paths.

• Use grep or similar tools to search logs for traversal patterns: grep -r "\.\./" logs/
• Monitor the filesystem for unexpected creation or modification of JSON files outside the intended papers directory, e.g., find /tmp -name papers_info.json -exec ls -l {} \;
• If you have access to the server, you can attempt to reproduce the issue by running a JSON-RPC request similar to the proof-of-concept to confirm vulnerability presence.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include treating the topic parameter strictly as data rather than a filesystem path fragment.

Implement input validation to reject or sanitize directory traversal sequences such as '../' in the topic argument.

Add explicit path canonicalization and ensure that resolved paths remain within the intended papers directory root.

Run the MCP server under a low-privilege user account to limit filesystem access until a proper fix is applied.

Consider replacing arbitrary directory names derived from topic strings with safe slugs or hashes to prevent path manipulation.

Apply regression tests for traversal payloads including '../', absolute paths, Windows separators, and encoded traversal sequences to prevent recurrence.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows arbitrary file creation and modification outside the intended directory, which poses a high integrity risk and a medium confidentiality risk. This could lead to unauthorized data manipulation or exposure.

Such risks may impact compliance with standards and regulations like GDPR and HIPAA, which require protection of data integrity and confidentiality. Unauthorized file writes and potential data leaks could violate these requirements.

However, the provided information does not explicitly discuss compliance impacts or regulatory considerations.

Useful 0 Not Useful 0