CVE-2026-7217
Absolute Path Traversal in Deepractice PromptX Document Handler
Publication date: 2026-04-28
Last updated on: 2026-04-28
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| deepractice | promptx | up to 2.4.0 (inclusive) |
| deepractice | promptx | mcp-office |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-36 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7217 is a security vulnerability in Deepractice PromptX up to version 2.4.0, specifically in the Document File Handler component's functions like read_docx, read_xlsx, read_pptx, list_xlsx_sheets, and read_pdf. The issue arises because these functions accept a user-supplied file path argument and use it directly in filesystem operations without proper validation or boundary checks.
This lack of path normalization and workspace boundary enforcement allows an attacker to perform absolute path traversal, meaning they can read arbitrary local Office or PDF files outside the intended workspace by supplying absolute paths.
The vulnerability can be exploited remotely if the attacker can invoke the mcp-office server or cause an agent/client to call one of its tools. The exploit has been publicly disclosed and confirmed with a proof of concept.
How can this vulnerability impact me?
This vulnerability primarily impacts the confidentiality of data on the affected system. An attacker who can exploit this flaw can read arbitrary local Office or PDF files, potentially exposing sensitive or confidential information stored on the system.
The integrity of the system is not affected since the vulnerability is read-only, and availability impact is low, although malformed inputs might cause errors or resource consumption.
Because the vulnerability allows access to files outside the intended workspace, it broadens the scope of potential data exposure beyond what was originally intended by the application.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for attempts to invoke the mcp-office server tools with absolute file paths outside the intended workspace directory. Specifically, look for JSON-RPC requests calling functions like read_docx, read_xlsx, read_pptx, list_xlsx_sheets, or read_pdf with file path arguments that are absolute and outside approved directories.
To detect exploitation attempts or verify if your system is vulnerable, you can check logs for such requests or attempt to reproduce the issue by sending crafted JSON-RPC requests to the mcp-office server.
Example commands to test or detect the vulnerability could include using curl or similar tools to send JSON-RPC requests with absolute paths:
- curl -X POST http://<mcp-office-server>/rpc -d '{"method":"read_docx","params":{"filePath":"/absolute-path-outside-workspace/promptx-poc/secret.docx"}}' -H 'Content-Type: application/json'
- Check server logs for calls to fs.readFileSync or AdmZip with absolute paths outside the workspace.
Additionally, static code analysis or auditing the source code for direct usage of user-supplied file paths in filesystem operations without normalization or boundary checks can help detect the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or removing the built-in mcp-office server if it is not needed.
Restrict invocation of the vulnerable tools to trusted users or agents only to prevent unauthorized access.
Implement a readable-root allowlist that enforces file path restrictions before any filesystem access is performed.
Reject any file paths that resolve outside explicitly approved workspace directories to prevent absolute path traversal.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows an attacker to read arbitrary local Office or PDF files outside the intended workspace boundary, leading to a high confidentiality impact. Such unauthorized access to sensitive documents could result in exposure of personal or protected data.
Because the vulnerability enables unauthorized disclosure of potentially sensitive information, it may negatively impact compliance with data protection regulations such as GDPR and HIPAA, which require strict controls on access to personal and protected health information.
Organizations using the affected software should consider this vulnerability a risk to confidentiality and take appropriate mitigation steps to maintain compliance with relevant standards.