Vulnerabilities ›

CVE-2026-7318

Medium

CWE-22 — Weakness Type

                    Published: Apr 28, 2026                      ·  Modified: May 1, 2026                      ·  Source: NVD                

CVSS v3

5.9

🔗 NVD Official

📄 Description (English)

A vulnerability was detected in elie mcp-project 0.1.0. The affected element is the function search_papers of the file research_server.py. The manipulation of the argument topic results in path traversal. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

🤖 AI Executive Summary

A path traversal vulnerability exists in elie mcp-project 0.1.0's search_papers function that allows local attackers to access unauthorized files by manipulating the topic argument. The vulnerability requires local access and has been publicly disclosed without a vendor response.

📄 Description (Arabic)

ثغرة اجتياز المسار في دالة search_papers بملف research_server.py في مشروع elie mcp-project الإصدار 0.1.0 تسمح للمهاجمين المحليين بالوصول إلى ملفات غير مصرح بها. تتطلب الثغرة وصول محلي وقد تم الكشف عنها علنا دون رد من المورد.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 24, 2026 13:07

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government healthcare

🎯 MITRE ATT&CK Techniques

T1083 T1526

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Update elie mcp-project to a patched version when available. Implement strict input validation and sanitization for the topic parameter. Restrict file system access permissions for the application. Monitor and log all file access attempts. Apply principle of least privilege for user accounts running the service.

🔧 خطوات المعالجة (العربية)

قم بتحديث مشروع elie mcp-project إلى نسخة معالجة عند توفرها. قم بتطبيق التحقق الصارم من صحة المدخلات وتنظيفها لمعامل topic. قيد أذونات الوصول إلى نظام الملفات للتطبيق. راقب وسجل جميع محاولات الوصول إلى الملفات. طبق مبدأ أقل امتياز لحسابات المستخدمين التي تشغل الخدمة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.7.1.1 A.7.1.2 A.12.4.1

🔵 SAMA CSF

ID.AM-2 PR.AC-1 PR.AC-3

🟡 ISO 27001:2022

A.6.1.1 A.9.1.1 A.9.2.1 A.12.4.1

🔗 References & Sources 4

🔗

https://github.com/elie/mcp-research-server/issues/1

cna@vuldb.com

🔗

https://vuldb.com/submit/803083

cna@vuldb.com

🔗

https://vuldb.com/vuln/359971

cna@vuldb.com

🔗

https://vuldb.com/vuln/359971/cti

cna@vuldb.com

📊 CVSS Score

5.9

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score5.9

CWECWE-22

EPSS0.02%

Exploit No

Patch ✗ No

Published 2026-04-28

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-22

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-7318

Introduce Yourself

Sign In Required