Vulnerabilities ›

CVE-2026-7217

Medium

CWE-22 — Weakness Type

                    Published: Apr 28, 2026                      ·  Modified: May 1, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads to absolute path traversal. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

🤖 AI Executive Summary

CVE-2026-7217 is a path traversal vulnerability in Deepractice PromptX up to version 2.4.0 affecting document file handlers for DOCX, XLSX, PPTX, and PDF files. An attacker can manipulate the path argument to access files outside intended directories through absolute path traversal.

📄 Description (Arabic)

تم اكتشاف ثغرة اجتياز مسار في Deepractice PromptX تؤثر على وحدات معالجة الملفات بما في ذلك DOCX و XLSX و PPTX و PDF. يمكن للمهاجمين البعيدين استغلال معاملات المسار غير المصفاة للوصول إلى ملفات عشوائية على النظام. تم الإفصاح عن الاستغلال علناً والفريق لم يستجب بعد.

🤖 ملخص تنفيذي (AI)

This vulnerability allows remote attackers to read arbitrary files on affected systems by exploiting path traversal in document processing functions. Organizations using Deepractice PromptX should immediately upgrade to patched versions to prevent unauthorized file access.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 05:55

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government banking healthcare

🎯 MITRE ATT&CK Techniques

T1083 T1105 T1190

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade Deepractice PromptX to version 2.4.1 or later immediately. Implement input validation and sanitization for all file path parameters. Apply principle of least privilege to file system access. Monitor file access logs for suspicious path traversal attempts.

🔧 خطوات المعالجة (العربية)

قم بترقية Deepractice PromptX إلى الإصدار 2.4.1 أو أحدث فوراً. طبق التحقق من صحة المدخلات وتنظيفها لجميع معاملات مسار الملف. طبق مبدأ أقل صلاحية لوصول نظام الملفات. راقب سجلات الوصول إلى الملفات للكشف عن محاولات اجتياز المسار المريبة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.7.1.1 A.12.6.1 A.14.2.1

🔵 SAMA CSF

ID.RA-1 PR.AC-1 PR.AC-3

🟡 ISO 27001:2022

A.6.1.1 A.12.4.1 A.14.2.1

🔗 References & Sources 5

🔗

https://github.com/Deepractice/PromptX/

cna@vuldb.com

🔗

https://github.com/Deepractice/PromptX/issues/571

cna@vuldb.com

🔗

https://vuldb.com/submit/802120

cna@vuldb.com

🔗

https://vuldb.com/vuln/359817

cna@vuldb.com

🔗

https://vuldb.com/vuln/359817/cti

cna@vuldb.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-22

EPSS0.06%

Exploit No

Patch ✗ No

Published 2026-04-28

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-22

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-7217

Introduce Yourself

Sign In Required