CVE-2026-7217
Received Received - Intake
Absolute Path Traversal in Deepractice PromptX Document Handler

Publication date: 2026-04-28

Last updated on: 2026-04-28

Assigner: VulDB

Description
A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads to absolute path traversal. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7217
EUVD
EUVD-2026-25973
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
deepractice promptx to 2.4.0 (inc)
deepractice promptx mcp-office
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-36 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7217 is a security vulnerability in Deepractice PromptX up to version 2.4.0, specifically in the Document File Handler component's functions like read_docx, read_xlsx, read_pptx, list_xlsx_sheets, and read_pdf. The issue arises because these functions accept a user-supplied file path argument and use it directly in filesystem operations without proper validation or boundary checks.

This lack of path normalization and workspace boundary enforcement allows an attacker to perform absolute path traversal, meaning they can read arbitrary local Office or PDF files outside the intended workspace by supplying absolute paths.

The vulnerability can be exploited remotely if the attacker can invoke the mcp-office server or cause an agent/client to call one of its tools. The exploit has been publicly disclosed and confirmed with a proof of concept.

Impact Analysis

This vulnerability primarily impacts the confidentiality of data on the affected system. An attacker who can exploit this flaw can read arbitrary local Office or PDF files, potentially exposing sensitive or confidential information stored on the system.

The integrity of the system is not affected since the vulnerability is read-only, and availability impact is low, although malformed inputs might cause errors or resource consumption.

Because the vulnerability allows access to files outside the intended workspace, it broadens the scope of potential data exposure beyond what was originally intended by the application.

Detection Guidance

This vulnerability can be detected by monitoring for attempts to invoke the mcp-office server tools with absolute file paths outside the intended workspace directory. Specifically, look for JSON-RPC requests calling functions like read_docx, read_xlsx, read_pptx, list_xlsx_sheets, or read_pdf with file path arguments that are absolute and outside approved directories.

To detect exploitation attempts or verify if your system is vulnerable, you can check logs for such requests or attempt to reproduce the issue by sending crafted JSON-RPC requests to the mcp-office server.

Example commands to test or detect the vulnerability could include using curl or similar tools to send JSON-RPC requests with absolute paths:

  • curl -X POST http://<mcp-office-server>/rpc -d '{"method":"read_docx","params":{"filePath":"/absolute-path-outside-workspace/promptx-poc/secret.docx"}}' -H 'Content-Type: application/json'
  • Check server logs for calls to fs.readFileSync or AdmZip with absolute paths outside the workspace.

Additionally, static code analysis or auditing the source code for direct usage of user-supplied file paths in filesystem operations without normalization or boundary checks can help detect the vulnerability.

Mitigation Strategies

Immediate mitigation steps include disabling or removing the built-in mcp-office server if it is not needed.

Restrict invocation of the vulnerable tools to trusted users or agents only to prevent unauthorized access.

Implement a readable-root allowlist that enforces file path restrictions before any filesystem access is performed.

Reject any file paths that resolve outside explicitly approved workspace directories to prevent absolute path traversal.

Compliance Impact

This vulnerability allows an attacker to read arbitrary local Office or PDF files outside the intended workspace boundary, leading to a high confidentiality impact. Such unauthorized access to sensitive documents could result in exposure of personal or protected data.

Because the vulnerability enables unauthorized disclosure of potentially sensitive information, it may negatively impact compliance with data protection regulations such as GDPR and HIPAA, which require strict controls on access to personal and protected health information.

Organizations using the affected software should consider this vulnerability a risk to confidentiality and take appropriate mitigation steps to maintain compliance with relevant standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7217. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart