CVE-2026-7384
Status: Received - Intake
Path Traversal in mcp-bases Research Server

Publication date: 2026-04-29

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search_papers of the file research_server.py. Performing a manipulation of the argument topic results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
Meta Information
Published: 2026-04-29
Last Modified: 2026-04-29
Generated: 2026-05-06
AI Q&A: 2026-04-30
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor      Product    Version / Range
ezequiroga  mcp-bases  *
CWE ID   Description
CWE-22   The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows path traversal and arbitrary file write on the server, leading to high integrity risks due to unauthorized file creation or modification outside intended directories.

Such integrity risks could impact compliance with standards and regulations like GDPR and HIPAA, which require protection of data integrity and prevention of unauthorized data modification.

However, the vulnerability is noted to have low confidentiality and availability risks, which may limit its direct impact on data privacy requirements.

No explicit information is provided about direct effects on compliance with these regulations in the provided resources.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for unusual or unauthorized path traversal attempts in the 'topic' parameter used by the search_papers function in research_server.py. Specifically, inputs containing path separators like '../' that lead to directory traversal outside the intended papers/ directory indicate exploitation attempts.

To detect exploitation attempts on your system, you can check server logs or network traffic for requests invoking the search_papers tool with suspicious topic arguments containing path traversal patterns.

Suggested commands include searching for such patterns in logs or running manual tests against the server endpoint that handles the topic parameter.

  • Use grep or similar tools to find suspicious inputs in logs, e.g., `grep -r "../" /path/to/logs`
  • Manually test the search_papers function by sending requests with payloads like '../escape-test' to see if the server creates files or directories outside the intended scope.

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include rejecting any topic parameter values that contain path separators or suspicious characters that could lead to path traversal.

Enforce path containment by canonicalizing and validating paths to ensure they remain within the intended papers/ directory.

Restrict access to the search_papers tool to trusted users only, limiting network exposure.

Consider using opaque identifiers instead of user-controlled strings for topic parameters to prevent direct filesystem path manipulation.

Apply patches or updates once available that add proper sanitization, canonicalization, and regression tests to prevent this vulnerability.


Can you explain this vulnerability to me?

CVE-2026-7384 is a Path Traversal and Arbitrary File Write vulnerability in the mcp-bases tool, specifically in the research_server.py component.

The vulnerability occurs because the server accepts user-controlled input for the "topic" parameter without proper sanitization or canonicalization.

When a malicious input like "../escape-test" is provided, the server constructs a filesystem path by joining the base directory with the topic, allowing directory traversal outside the intended storage directory (papers/).

This enables attackers to create or overwrite files and directories outside the intended scope, such as papers/../escape-test/papers_info.json.

The vulnerability affects both the search_papers tool and the papers://{topic} resource handler.


How can this vulnerability impact me?

This vulnerability allows remote attackers to perform arbitrary file writes on the server hosting the mcp-bases tool.

The security impact includes high integrity risks because attackers can create or overwrite files outside the intended directories.

Confidentiality and availability risks are considered low.

Exploitation requires network access to the server and write permissions in the server's working directory.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for unusual or unauthorized path traversal attempts targeting the "topic" parameter in the search_papers function of research_server.py. Specifically, look for inputs containing path separators such as "../" that attempt to access directories outside the intended papers/ folder.

You can detect exploitation attempts by searching for creation of unexpected directories or files outside the papers/ directory, such as papers/../escape-test/papers_info.json.

Suggested commands to detect potential exploitation attempts include:

  • On the server, use file system monitoring commands to find unexpected files or directories created outside the intended path, for example: `find /path/to/papers/.. -type f -name "papers_info.json"`
  • grep for suspicious "topic" parameter values in server logs or application logs, e.g.: `grep -r "../" /path/to/mcp-bases/logs/`
  • Monitor network traffic for unusual requests invoking the search_papers tool with path traversal payloads.

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include:

  • Reject or sanitize any "topic" parameter values containing path separators such as "../" to prevent directory traversal.
  • Enforce path containment by canonicalizing paths before use to ensure they remain within the intended papers/ directory.
  • Restrict access to the search_papers tool to trusted users only.
  • Implement input validation to use opaque identifiers instead of user-controlled file paths.
  • Monitor and audit file system changes to detect unauthorized file writes.

A recommended fix involves updating the code to canonicalize paths and adding regression tests to prevent recurrence.
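As an added illustration of the fix recommended in both mitigation answers, the snippet below places the vulnerable join (base directory plus raw topic) beside a hardened version that allow-lists the value, canonicalizes it and verifies containment under papers/ before anything is written. This is example code, not from the mcp-bases project; PAPER_DIR, the allow-list pattern and the helper names are assumptions.

```python
import os
import re
from pathlib import Path

# Assumptions for this added example: the per-topic store lives under papers/<topic>/
# and the server writes papers_info.json there, as the advisory describes.
PAPER_DIR = "papers"
INFO_FILE = "papers_info.json"
# Assumed allow-list: letters, digits, spaces, '_' and '-'; no separators, no dots.
TOPIC_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 _-]{0,63}")


def naive_topic_dir(topic: str) -> str:
    """The vulnerable pattern from the advisory: the raw topic is joined to the base
    directory, so '../escape-test' yields papers/../escape-test."""
    return os.path.join(PAPER_DIR, topic)


def naive_join_escapes(topic: str) -> bool:
    """True when the naive join resolves to a location outside PAPER_DIR."""
    base = os.path.abspath(PAPER_DIR)
    target = os.path.abspath(naive_topic_dir(topic))
    return os.path.commonpath([base, target]) != base


def safe_topic_dir(topic: str, base: str = PAPER_DIR) -> Path:
    """Hardened form: allow-list the value, canonicalize, then verify containment
    before any directory is created or any file is written."""
    if not TOPIC_RE.fullmatch(topic):
        raise ValueError(f"rejected topic (not in allow-list): {topic!r}")
    base_dir = Path(base).resolve()
    # resolve() collapses '..' and follows symlinks, so the check sees the real target.
    candidate = (base_dir / topic).resolve()
    # Defence in depth: even if the allow-list were loosened later, the canonical
    # path must still sit strictly below base_dir.
    if candidate == base_dir or base_dir not in candidate.parents:
        raise ValueError(f"rejected topic (escapes {base}/): {topic!r}")
    return candidate


def info_file_for(topic: str) -> Path:
    """Path of the per-topic JSON file, only ever inside the validated directory."""
    return safe_topic_dir(topic) / INFO_FILE


def topic_is_safe(topic: str) -> bool:
    """Convenience wrapper: does the hardened check accept this topic?"""
    try:
        safe_topic_dir(topic)
        return True
    except ValueError:
        return False
```

The naive helper is kept only to show why the containment check is needed; a server should call safe_topic_dir (or use an opaque identifier) before any os.makedirs or file write.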


Can you explain this vulnerability to me?

This vulnerability exists in the ezequiroga mcp-bases project, specifically in the function search_papers within the file research_server.py. It involves a path traversal issue caused by manipulating the argument 'topic'. This allows an attacker to access files or directories outside the intended scope.

The vulnerability can be exploited remotely, and the exploit code is publicly available. The project uses a rolling release model, so specific affected versions are not detailed.


How can this vulnerability impact me?

Exploitation of this vulnerability can allow an attacker to perform unauthorized path traversal, potentially accessing sensitive files or data on the server running the vulnerable software.

Since the vulnerability can be exploited remotely without authentication, it increases the risk of data exposure or system compromise.

