Vulnerabilities ›

CVE-2026-7319

High

CWE-22 — Weakness Type

                    Published: Apr 28, 2026                      ·  Modified: May 5, 2026                      ·  Source: NVD                

CVSS v3

7.3

🔗 NVD Official

📄 Description (English)

A flaw has been found in elinsky execution-system-mcp 0.1.0. The impacted element is the function _get_context_file_path of the file src/execution_system_mcp/server.py of the component add_action Tool. This manipulation of the argument context causes path traversal. The attack can be initiated remotely. The exploit has been published and may be used.

🤖 AI Executive Summary

CVE-2026-7319 is a path traversal vulnerability in elinsky execution-system-mcp 0.1.0 that allows remote attackers to manipulate file paths through the context argument in the add_action Tool. The flaw exists in the _get_context_file_path function and could enable unauthorized file access or system compromise.

📄 Description (Arabic)

ثغرة اجتياز المسار في elinsky execution-system-mcp 0.1.0 تسمح للمهاجمين البعيدين بمعالجة معاملات السياق بشكل ضار للوصول إلى ملفات خارج المجلد المقصود. تقع الثغرة في دالة _get_context_file_path ولم يتم تطبيق التحقق الكافي من صحة المدخلات. قد يؤدي الاستغلال إلى الكشف عن معلومات حساسة أو تنفيذ عمليات غير مصرح بها.

🤖 ملخص تنفيذي (AI)

This vulnerability affects elinsky execution-system-mcp 0.1.0 and allows remote path traversal attacks through improper input validation in the add_action Tool component. Attackers can exploit this to access sensitive files or execute arbitrary operations on affected systems.

🤖 AI Intelligence Analysis Analyzed: May 5, 2026 16:54

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government telecom energy

🎯 MITRE ATT&CK Techniques

T1083 T1190 T1566

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Immediately upgrade elinsky execution-system-mcp to a patched version beyond 0.1.0. Implement strict input validation and sanitization for the context parameter in the _get_context_file_path function. Apply path canonicalization and whitelist allowed directories. Deploy Web Application Firewall rules to detect path traversal patterns. Restrict file system access permissions to the minimum required.

🔧 خطوات المعالجة (العربية)

قم بترقية elinsky execution-system-mcp إلى نسخة مصححة فوراً. طبق التحقق الصارم من صحة المدخلات وتنظيفها لمعامل السياق. استخدم تطبيع المسارات والقوائم البيضاء للمجلدات المسموحة. نشر قواعد جدار الحماية لكشف هجمات اجتياز المسار. قيد صلاحيات الوصول لنظام الملفات للحد الأدنى المطلوب.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.7.1.1 A.7.1.2 A.12.6.1

🔵 SAMA CSF

ID.BE-1 PR.AC-1 PR.PT-1

🟡 ISO 27001:2022

A.6.1.1 A.13.1.1 A.14.2.1

🔗 References & Sources 5

🔗

https://github.com/elinsky/execution-system-mcp/

cna@vuldb.com

🔗

https://github.com/elinsky/execution-system-mcp/issues/1

cna@vuldb.com

🔗

https://vuldb.com/submit/803085

cna@vuldb.com

🔗

https://vuldb.com/vuln/359972

cna@vuldb.com

🔗

https://vuldb.com/vuln/359972/cti

cna@vuldb.com

📊 CVSS Score

7.3

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity High

CVSS Score7.3

CWECWE-22

EPSS0.08%

Exploit No

Patch ✗ No

Published 2026-04-28

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-22

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-7319

💬 Comments

Introduce Yourself

Sign In Required