CVE-2026-7384
Received Received - Intake
Path Traversal in mcp-bases Research Server

Publication date: 2026-04-29

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search_papers of the file research_server.py. Performing a manipulation of the argument topic results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-29
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-29
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7384
EUVD
EUVD-2026-26238
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ezequiroga mcp-bases *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the ezequiroga mcp-bases project, specifically in the function search_papers within the file research_server.py. It involves a path traversal issue caused by manipulating the argument 'topic'. This allows an attacker to access files or directories outside the intended scope.

The vulnerability can be exploited remotely, and the exploit code is publicly available. The project uses a rolling release model, so specific affected versions are not detailed.

Impact Analysis

Exploitation of this vulnerability can allow an attacker to perform unauthorized path traversal, potentially accessing sensitive files or data on the server running the vulnerable software.

Since the vulnerability can be exploited remotely without authentication, it increases the risk of data exposure or system compromise.

Compliance Impact

The vulnerability allows path traversal and arbitrary file write on the server, leading to high integrity risks due to unauthorized file creation or modification outside intended directories.

Such integrity risks could impact compliance with standards and regulations like GDPR and HIPAA, which require protection of data integrity and prevention of unauthorized data modification.

However, the vulnerability is noted to have low confidentiality and availability risks, which may limit its direct impact on data privacy requirements.

No explicit information is provided about direct effects on compliance with these regulations in the provided resources.

Detection Guidance

This vulnerability can be detected by monitoring for unusual or unauthorized path traversal attempts in the 'topic' parameter used by the search_papers function in research_server.py. Specifically, inputs containing path separators like '../' that lead to directory traversal outside the intended papers/ directory indicate exploitation attempts.

To detect exploitation attempts on your system, you can check server logs or network traffic for requests invoking the search_papers tool with suspicious topic arguments containing path traversal patterns.

Suggested commands include searching for such patterns in logs or running manual tests against the server endpoint that handles the topic parameter.

  • Use grep or similar tools to find suspicious inputs in logs, e.g., `grep -r "../" /path/to/logs`
  • Manually test the search_papers function by sending requests with payloads like '../escape-test' to see if the server creates files or directories outside the intended scope.
Mitigation Strategies

Immediate mitigation steps include rejecting any topic parameter values that contain path separators or suspicious characters that could lead to path traversal.

Enforce path containment by canonicalizing and validating paths to ensure they remain within the intended papers/ directory.

Restrict access to the search_papers tool to trusted users only, limiting network exposure.

Consider using opaque identifiers instead of user-controlled strings for topic parameters to prevent direct filesystem path manipulation.

Apply patches or updates once available that add proper sanitization, canonicalization, and regression tests to prevent this vulnerability.

Executive Summary

CVE-2026-7384 is a Path Traversal and Arbitrary File Write vulnerability in the mcp-bases tool, specifically in the research_server.py component.

The vulnerability occurs because the server accepts user-controlled input for the "topic" parameter without proper sanitization or canonicalization.

When a malicious input like "../escape-test" is provided, the server constructs a filesystem path by joining the base directory with the topic, allowing directory traversal outside the intended storage directory (papers/).

This enables attackers to create or overwrite files and directories outside the intended scope, such as papers/../escape-test/papers_info.json.

The vulnerability affects both the search_papers tool and the papers://{topic} resource handler.

Impact Analysis

This vulnerability allows remote attackers to perform arbitrary file writes on the server hosting the mcp-bases tool.

The security impact includes high integrity risks because attackers can create or overwrite files outside the intended directories.

Confidentiality and availability risks are considered low.

Exploitation requires network access to the server and write permissions in the server's working directory.

Detection Guidance

This vulnerability can be detected by monitoring for unusual or unauthorized path traversal attempts targeting the "topic" parameter in the search_papers function of research_server.py. Specifically, look for inputs containing path separators such as "../" that attempt to access directories outside the intended papers/ folder.

You can detect exploitation attempts by searching for creation of unexpected directories or files outside the papers/ directory, such as papers/../escape-test/papers_info.json.

Suggested commands to detect potential exploitation attempts include:

  • On the server, use file system monitoring commands to find unexpected files or directories created outside the intended path, for example:
  • find /path/to/papers/.. -type f -name "papers_info.json"
  • grep for suspicious "topic" parameter values in server logs or application logs, e.g.:
  • grep -r "../" /path/to/mcp-bases/logs/
  • Monitor network traffic for unusual requests invoking the search_papers tool with path traversal payloads.
Mitigation Strategies

Immediate mitigation steps include:

  • Reject or sanitize any "topic" parameter values containing path separators such as "../" to prevent directory traversal.
  • Enforce path containment by canonicalizing paths before use to ensure they remain within the intended papers/ directory.
  • Restrict access to the search_papers tool to trusted users only.
  • Implement input validation to use opaque identifiers instead of user-controlled file paths.
  • Monitor and audit file system changes to detect unauthorized file writes.

A recommended fix involves updating the code to canonicalize paths and adding regression tests to prevent recurrence.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7384. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart