Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by douinc
CVE-2026-7159 (GCVE-0-2026-7159)
Vulnerability from cvelistv5 – Published: 2026-04-27 21:15 – Updated: 2026-04-28 12:49
VLAI
Title
douinc mkdocs-mcp-plugin server.py list_documents path traversal
Summary
A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read_document/list_documents of the file server.py. Performing a manipulation of the argument docs_dir/file_path results in path traversal. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor confirms, that the "fix will be published within a few days."
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Path Traversal
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/359758 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/359758/cti | signaturepermissions-required |
| https://vuldb.com/submit/802063 | third-party-advisory |
| https://github.com/douinc/mkdocs-mcp-plugin/issues/6 | exploitissue-tracking |
| https://github.com/douinc/mkdocs-mcp-plugin/issue… | issue-tracking |
| https://github.com/douinc/mkdocs-mcp-plugin/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| douinc | mkdocs-mcp-plugin |
Affected:
0.4.0
Affected: 0.4.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7159",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-28T12:48:53.676939Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T12:49:01.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mkdocs-mcp-plugin",
"vendor": "douinc",
"versions": [
{
"status": "affected",
"version": "0.4.0"
},
{
"status": "affected",
"version": "0.4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "SmallW (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read_document/list_documents of the file server.py. Performing a manipulation of the argument docs_dir/file_path results in path traversal. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor confirms, that the \"fix will be published within a few days.\""
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T21:15:14.082Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-359758 | douinc mkdocs-mcp-plugin server.py list_documents path traversal",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/359758"
},
{
"name": "VDB-359758 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/359758/cti"
},
{
"name": "Submit #802063 | douinc mkdocs-mcp-plugin 0.4.1 Path Traversal",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/802063"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/douinc/mkdocs-mcp-plugin/issues/6"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/douinc/mkdocs-mcp-plugin/issues/6#issuecomment-4223718119"
},
{
"tags": [
"product"
],
"url": "https://github.com/douinc/mkdocs-mcp-plugin/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-26T22:21:34.000Z",
"value": "VulDB entry last update"
}
],
"title": "douinc mkdocs-mcp-plugin server.py list_documents path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7159",
"datePublished": "2026-04-27T21:15:14.082Z",
"dateReserved": "2026-04-26T20:16:29.785Z",
"dateUpdated": "2026-04-28T12:49:01.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}