Executive Summary

CVE-2026-8116 is a Path Traversal vulnerability in the xiaozhi-mcphub project affecting the authenticated DXT upload handler.

The vulnerability occurs because the application uses an untrusted value from the manifest.json file (manifest.name) to construct the extraction directory path without proper sanitization or validation.

An attacker who can upload a crafted .dxt file with a malicious manifest.name containing path traversal sequences (like "../../") can manipulate the extraction path to move files outside the intended upload directory.

This can be exploited remotely by an authenticated user who has access to the DXT upload route.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows an attacker to place or overwrite files outside the intended upload directory, potentially disrupting application data or runtime files.

The security impact includes high risks to integrity and availability of the system.

Confidentiality impact is considered low.

If exploited, the attacker could disrupt the normal operation of the application by modifying or replacing critical files.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves a path traversal attack via the manifest.name field in a .dxt archive upload to the xiaozhi-mcphub application. Detection involves monitoring for suspicious uploads containing path traversal sequences such as "../" in the manifest.name field within the manifest.json file inside .dxt archives.

Since exploitation requires authentication and uploading a crafted .dxt file, detection can include auditing upload requests to the DXT upload route for unusual or malicious payloads.

Suggested commands or methods to detect this vulnerability include:

• Inspect uploaded .dxt files for manifest.json files containing manifest.name fields with path traversal patterns (e.g., "../").
• Use file system monitoring tools to detect unexpected file creations or moves outside the intended upload directory (data/uploads/dxt).
• Review web server logs or application logs for authenticated upload requests to the DXT upload endpoint that include suspicious filenames or paths.
• Example command to search for path traversal patterns in uploaded manifest.json files (assuming access to upload directory): find data/uploads/dxt -name 'manifest.json' -exec grep -H '\.\./' {} \;

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps focus on preventing exploitation by restricting access and sanitizing inputs.

• Disable DXT uploads for untrusted or low-privileged users to reduce the attack surface.
• Restrict the DXT upload route to administrators or trusted users only.
• Run the service with limited filesystem permissions to prevent writing outside the intended upload directory.
• Implement input validation and sanitization on the manifest.name field to reject absolute paths or path traversal sequences.
• Validate that the final extraction directory remains within the intended upload directory before performing filesystem operations.
• Apply or develop regression tests to detect various path traversal techniques in uploads.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows an authenticated attacker to perform path traversal during file extraction, potentially overwriting or placing files outside the intended directory. This can lead to high integrity and availability risks by disrupting application data or runtime files.

While the confidentiality impact is low, the ability to manipulate files arbitrarily on the server could indirectly affect compliance with standards like GDPR or HIPAA, which require protection of data integrity and availability.

Specifically, unauthorized modification or disruption of files could lead to non-compliance with regulations mandating secure handling and protection of sensitive data and system integrity.

Useful 0 Not Useful 0