CVE-2026-7788
Status: Deferred - Pending Action
Path Traversal in Axle-Bucamp MCP-Docusaurus

Publication date: 2026-05-05

Last updated on: 2026-05-05

Assigner: VulDB

Description
A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function update_document/continue_document/delete_document/get_content of the file app/routes/document.py. Performing a manipulation of the argument DOCS_DIR/path results in path traversal. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.
Meta Information
Published: 2026-05-05
Last Modified: 2026-05-05
Generated: 2026-05-07
AI Q&A: 2026-05-05
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: axle-bucamp
Product: mcp-docusaurus
Version / Range: up to 404bc028e15ec304c9a045528560f4b5f27a17e0 (inclusive)
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a security flaw in the Axle-Bucamp MCP-Docusaurus software, specifically in the functions update_document, continue_document, delete_document, and get_content within the file app/routes/document.py.

The flaw allows an attacker to manipulate the DOCS_DIR or path argument to perform a path traversal attack, which means they can access files and directories outside the intended scope.

The attack can be initiated remotely, and the exploit has already been publicly released, making it easier for attackers to use.


How can this vulnerability impact me?

This vulnerability can allow an attacker to access or modify files on the server that should be protected, potentially leading to unauthorized disclosure, modification, or deletion of sensitive data.

Because the attack can be performed remotely without authentication, it increases the risk of exploitation.

The impact includes loss of confidentiality, integrity, and availability of data handled by the affected software.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The path traversal vulnerability in MCP-Docusaurus allows unauthorized access, modification, or deletion of files outside the intended documentation directory. This can lead to exposure of sensitive files, unauthorized data manipulation, and potential service disruption.

Such unauthorized access and potential data breaches can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls over the confidentiality, integrity, and availability of sensitive data.

Specifically, the vulnerability's impact on confidentiality (exposure of sensitive files), integrity (arbitrary file overwrites), and availability (service disruption) conflicts with regulatory requirements for protecting personal and sensitive information.

Mitigations such as restricting service exposure, running with minimal filesystem privileges, and enforcing strict path validation are necessary to reduce compliance risks.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by testing the affected MCP-Docusaurus API endpoints for path traversal attempts. Specifically, sending requests with traversal payloads such as "../" in parameters related to document operations (update_document, continue_document, delete_document, get_content) can reveal if the system improperly handles path validation.

Detection can be performed by issuing HTTP POST requests to endpoints like /tool/update_docs or other document-related routes with crafted payloads attempting to access files outside the intended DOCS_DIR.

Example commands using curl to test for path traversal might include:

  • curl -X POST http://<target>/tool/update_docs -d '{"path": "../etc/passwd"}' -H 'Content-Type: application/json'
  • curl -X POST http://<target>/tool/delete_document -d '{"path": "../../../../etc/shadow"}' -H 'Content-Type: application/json'

Monitoring logs for unusual file access patterns or unexpected file operations outside the documentation directory can also help detect exploitation attempts.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting exposure of the MCP-Docusaurus service to untrusted networks to prevent remote exploitation.

Run the MCP service with minimal filesystem privileges to limit the impact of any successful path traversal attack.

Disable document mutation tools (such as update, continue, delete document functions) in environments where users are not fully trusted.

Implement strict path validation by enforcing resolution of paths and rejecting any traversal patterns (e.g., "../") in all document-related functions.

Ensure proper authentication and authorization controls are in place on all API endpoints to prevent unauthorized access.

Review and apply any patches or updates once the project releases a fix addressing this vulnerability.
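The "strict path validation" step above is the one a maintainer of a document-serving route has to get right. The following is an added example, not code from the MCP-Docusaurus project: it places the naive join that lets "../" or an absolute path walk out of the documentation root (the CWE-22 pattern this advisory describes) next to a hardened resolver that canonicalises the request and checks containment. The function names, the `DOCS_DIR` value and the temporary directory layout are assumptions made for the example.

```python
"""Containment check for user-supplied document paths (CWE-22).

Added example, not code from the MCP-Docusaurus project: the naive join
that lets "../" or an absolute path walk out of DOCS_DIR, next to a
hardened resolver that confines every request to the documentation root.
Function names and the DOCS_DIR value used below are assumptions.
"""
import os
import tempfile
from pathlib import Path, PurePosixPath


class PathTraversalError(ValueError):
    """Raised when a requested path would land outside the documentation root."""


def naive_join(docs_dir: str, user_path: str) -> str:
    """Vulnerable pattern: join without any containment check.

    os.path.join keeps '..' components and discards docs_dir entirely when
    user_path is absolute, so the result can point anywhere on disk.
    """
    return os.path.join(docs_dir, user_path)


def naive_escapes(docs_dir: str, user_path: str) -> bool:
    """True when the naive join, once normalised, is no longer under docs_dir."""
    joined = os.path.normpath(naive_join(docs_dir, user_path))
    root = os.path.normpath(docs_dir)
    return os.path.commonpath([root, joined]) != root


def safe_resolve(docs_dir: Path, user_path: str) -> Path:
    """Hardened pattern: reject hostile components, canonicalise, then verify.

    1. Refuse NUL bytes, absolute paths and any explicit '..' segment before
       touching the filesystem.
    2. resolve() canonicalises both root and candidate and follows symlinks,
       so a link inside DOCS_DIR that points outside is caught as well.
    3. Accept only when the canonical target is the root or lies beneath it.
    """
    if "\x00" in user_path:
        raise PathTraversalError("NUL byte in path")
    candidate = PurePosixPath(user_path)
    if candidate.is_absolute() or ".." in candidate.parts:
        raise PathTraversalError(f"rejected path component in {user_path!r}")
    root = docs_dir.resolve()
    target = root.joinpath(*candidate.parts).resolve()
    if not target.is_relative_to(root):  # lexical check on canonical paths
        raise PathTraversalError(f"{user_path!r} resolves outside {root}")
    return target


def is_contained(docs_dir: str, user_path: str) -> bool:
    """Boolean wrapper around safe_resolve for callers that prefer not to catch."""
    try:
        safe_resolve(Path(docs_dir), user_path)
        return True
    except PathTraversalError:
        return False


def symlink_escape_is_rejected() -> bool:
    """Constructed fixture: a DOCS_DIR holding a symlink to a sibling directory.

    A lexical '..' filter alone would pass 'link/key.txt'; the resolve()
    step in safe_resolve is what catches it.
    """
    with tempfile.TemporaryDirectory() as tmp:
        secrets = Path(tmp) / "secrets"
        secrets.mkdir()
        (secrets / "key.txt").write_text("constructed sample secret\n")
        docs = Path(tmp) / "docs"
        docs.mkdir()
        (docs / "intro.md").write_text("# intro\n")
        (docs / "link").symlink_to(secrets, target_is_directory=True)
        accepted = safe_resolve(docs, "intro.md") == (docs / "intro.md").resolve()
        try:
            safe_resolve(docs, "link/key.txt")
            return False
        except PathTraversalError:
            return accepted


if __name__ == "__main__":
    DOCS_DIR = "/srv/docs"  # assumed deployment value
    for p in ["guide/intro.md", "../etc/passwd", "/etc/passwd", "a/../../x"]:
        print(f"{p!r:>20}: naive_escapes={naive_escapes(DOCS_DIR, p)} "
              f"contained={is_contained(DOCS_DIR, p)}")
    print("symlink escape rejected:", symlink_escape_is_rejected())
```

The design point is that a substring filter for "../" is not sufficient on its own: an absolute path carries no dots, and a symlink inside the documentation root can point anywhere without the request string revealing it. Resolving both the root and the candidate to canonical form and then checking containment handles all three cases with one rule, and should be applied in every route that touches the filesystem (update, continue, delete and read alike).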

