CVE-2026-7645
Path Traversal in ruvnet sublinear-time-solver
Publication date: 2026-05-02
Last updated on: 2026-05-05
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruvnet | consciousness-explorer | 1.1.1 |
| ruvnet | sublinear-time-solver | 1.5.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows remote attackers to perform arbitrary file writes on the server by exploiting a path traversal flaw in the export_state function. This can lead to integrity loss and service disruption by overwriting application or user files depending on server privileges.
Such unauthorized file manipulation and potential service disruption could negatively impact compliance with standards and regulations like GDPR and HIPAA, which require protection of data integrity, availability, and confidentiality. Specifically, the risk of overwriting sensitive files or disrupting services may violate requirements for secure data handling and system reliability.
Mitigations such as restricting access to the vulnerable functionality, running the server with low privileges, and enforcing strict filesystem permissions are recommended to reduce the risk and help maintain compliance.
Can you explain this vulnerability to me?
CVE-2026-7645 is a vulnerability in the ruvnet sublinear-time-solver, specifically in the export_state function of the MCP Interface component. The vulnerability allows an attacker to perform a path traversal attack by manipulating the file path argument used when writing JSON state data to disk. This occurs because the application does not validate or restrict the file path, enabling an attacker to write or overwrite arbitrary files on the server.
The attack can be executed remotely by sending a crafted JSON-RPC request to the MCP server, which then writes files to locations specified by the attacker. This can lead to overwriting important files depending on the server process's filesystem permissions.
How can this vulnerability impact me? :
This vulnerability can have significant impacts including loss of integrity and availability of the affected system. An attacker can overwrite application files, user files, or other writable targets on the server, potentially disrupting services or corrupting data.
Because the vulnerability allows arbitrary file writes, it could be exploited to inject malicious code, cause denial of service by corrupting critical files, or manipulate system behavior depending on the privileges of the MCP server process.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crafted JSON-RPC requests sent to the MCP server that invoke the export_state tool with arbitrary file paths.
Detection can involve inspecting network traffic for suspicious JSON-RPC calls targeting the MCP interface, especially those attempting to write files to unusual or sensitive locations.
Additionally, checking server logs for unexpected file writes or creation of files such as /tmp/sublinear_state_poc.json can indicate exploitation attempts.
Suggested commands include using network monitoring tools like tcpdump or Wireshark to filter for JSON-RPC traffic to the MCP server port, for example:
- tcpdump -A -s 0 'tcp port <MCP_server_port> and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'export_state'
- grep -r 'export_state' /var/log/<mcp_server_logs>/
Also, file system monitoring tools like inotifywait can be used to watch for unexpected file creations or modifications in writable directories.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include not exposing the MCP server interface to untrusted or public networks to prevent remote exploitation.
Restrict access to the export_state tool by limiting which clients or users can invoke it.
Run the MCP server process with a low-privilege account that has minimal filesystem write permissions to reduce the impact of any successful exploit.
Configure filesystem permissions to restrict write access only to dedicated safe directories, preventing arbitrary file writes outside these locations.
Monitor logs and network traffic for suspicious activity related to the export_state function.