CVE-2026-7788

Severity: High  ·  Weakness type: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal')  ·  CVSS v3.1 base score: 7.3
Published: May 5, 2026  ·  Modified: May 11, 2026  ·  Source: NVD
Reference: NVD official entry
📄 Description (English)

A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to commit 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected elements are the functions update_document, continue_document, delete_document and get_content in the file app/routes/document.py. Manipulating the argument DOCS_DIR/path results in path traversal. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. This product uses a rolling release model to deliver continuous updates, so specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.

🤖 AI Executive Summary

CVE-2026-7788 is a high-severity path traversal vulnerability (CWE-22) in Axle-Bucamp MCP-Docusaurus affecting its document management functions. An unauthenticated remote attacker can manipulate the DOCS_DIR/path parameter so that update_document, continue_document, delete_document or get_content operate on files outside the intended documents directory, which means reading, modifying or deleting files the application should never touch; the CVSS vector rates confidentiality, integrity and availability impact as Low each. With a CVSS score of 7.3, a public exploit, no vendor response and no fixed release to upgrade to, this poses significant risk to organizations using the software for document management, particularly in sectors handling confidential data.
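To make the bug class concrete, here is the naive base-plus-input join that produces CWE-22, beside a hardened resolver that refuses anything escaping the documents directory. This is an added example written for this page, not code from Axle-Bucamp MCP-Docusaurus; the function names, the /srv/docs base and the sample inputs are assumptions chosen for illustration.

```python
"""Path containment for a documents directory: a naive join beside a hardened resolver.

Added example written for this page; it is not code from the MCP-Docusaurus project.
Function names, the /srv/docs base and the sample inputs are assumptions for illustration.
"""
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a requested path would escape the documents directory."""


def naive_document_path(docs_dir: str, user_path: str) -> Path:
    """The traversal-prone pattern behind CWE-22: join the base with caller input and trust it.

    Hypothetical illustration of the bug class, not the project's handler. '..' segments
    survive the join, and an absolute user_path replaces docs_dir outright.
    """
    return Path(docs_dir) / user_path


def safe_document_path(docs_dir: str, user_path: str) -> Path:
    """Resolve user_path under docs_dir and refuse anything that escapes it.

    Rejects NUL bytes and absolute paths up front, folds backslashes to '/' so a
    Windows-style '..\\' is not missed on POSIX, resolves symlinks and '..' on both the
    base and the candidate, then compares path components with Path.relative_to
    (a string-prefix test would accept /srv/docs-private as inside /srv/docs).
    """
    if "\x00" in user_path:
        raise PathTraversalError("NUL byte in path")
    normalised = user_path.replace("\\", "/")
    if normalised.startswith("/") or Path(normalised).is_absolute():
        raise PathTraversalError("absolute paths are not allowed")
    base = Path(docs_dir).resolve()
    candidate = (base / normalised).resolve()
    try:
        candidate.relative_to(base)
    except ValueError as exc:
        raise PathTraversalError(f"{user_path!r} escapes {docs_dir!r}") from exc
    return candidate


def is_contained(docs_dir: str, user_path: str) -> bool:
    """Predicate form of safe_document_path: True when the path stays inside docs_dir."""
    try:
        safe_document_path(docs_dir, user_path)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    # Constructed inputs: one legitimate request, then the classic traversal shapes.
    for p in ("guide/intro.md", "../../etc/passwd", "..\\..\\win.ini", "/etc/shadow", "a/../b.md"):
        print(f"{p!r:22} naive -> {naive_document_path('/srv/docs', p)!s:32} contained={is_contained('/srv/docs', p)}")
```

The check must run on the value the web framework has already URL-decoded, and before any file-system call in update_document, continue_document, delete_document or get_content; it does not look at percent-encoding itself. A string comparison such as str(candidate).startswith(str(base)) is not a substitute, because a sibling directory whose name shares the prefix would pass it.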

🤖 AI Intelligence Analysis (analyzed May 8, 2026 19:17)
🇸🇦 Saudi Arabia Impact Assessment
Exposure is limited to organizations that actually run Axle-Bucamp MCP-Docusaurus for document management; no deployment inventory is available, so the sectors below are a risk-based view rather than a list of confirmed affected assets. Where the software is in use, the path traversal could expose classified government documents (NCA, Ministry of Interior), financial records at SAMA-regulated institutions, patient health information at Ministry of Health and private providers, proprietary data at ARAMCO and other energy sector organizations, and customer documentation held by telecom operators (STC, Mobily). Because the affected functions include update_document and delete_document, the integrity and availability of stored documents are at risk as well as their confidentiality. The lack of vendor response and public exploit availability elevates the threat level for critical infrastructure.
🏢 Affected Saudi Sectors
Government & Public Administration (NCA, Ministry of Interior, Ministry of Defense)
Banking & Financial Services (SAMA-regulated institutions)
Energy & Petroleum (ARAMCO, energy sector organizations)
Healthcare (Ministry of Health, private hospitals)
Telecommunications (STC, Mobily, Zain)
Education (Universities, research institutions)
Legal & Compliance (Law firms, compliance departments)
⚖️ Saudi Risk Score (AI)
8.2 / 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all instances of Axle-Bucamp MCP-Docusaurus in your environment and isolate affected systems from production networks if possible
2. Implement network-level access controls restricting access to document management endpoints to authorized users only
3. Enable comprehensive logging and monitoring of all document-related API calls (update_document, continue_document, delete_document, get_content)
4. Review access logs for path traversal patterns (../, ..\, and URL-encoded forms such as %2e%2e%2f); decode the parameter before matching so that double-encoded or mixed forms are not missed

PATCHING GUIDANCE:
5. Contact Axle-Bucamp development team directly for security patches or workarounds
6. Monitor the project repository for security updates given the rolling release model
7. Implement input validation on the DOCS_DIR/path parameter to reject path traversal attempts

COMPENSATING CONTROLS:
8. Deploy Web Application Firewall (WAF) rules to block path traversal payloads in document API endpoints
9. Implement strict file system permissions ensuring the application runs with minimal required privileges
10. Use chroot/containerization to restrict file system access scope
11. Implement API rate limiting and request throttling on document endpoints

DETECTION RULES:
12. Monitor for requests whose DOCS_DIR/path parameter contains a '..' path segment after URL-decoding; decode repeatedly (bounded) so that double-encoded forms such as %252e%252e%252f are caught, and fold backslashes to forward slashes so mixed forms such as ..%5c are not missed. Raw-string matching on ../, ..\ and %2e%2e%2f alone is not enough.
13. Alert on any document API call that resolves to a file outside the designated document directory; this needs application-level logging of the resolved path, since the access log only shows the raw parameter.
14. Track failed authentication attempts followed by path traversal attempts from the same source.
15. Implement SIEM rules correlating multiple traversal attempts from the same source IP, and prioritise those answered with HTTP 200, which indicate the request succeeded.
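The detection rules in steps 12 to 15 can be run directly over web server access logs. The script below is an added example written for this page, not the project's code; the combined-log line format, the endpoint paths and the log lines themselves are constructed for illustration, and the parameter name path follows the NVD description. It goes slightly beyond the rules as written by checking for a whole '..' segment after decoding, so that file names that merely contain two dots are not flagged.

```python
"""Detect path-traversal attempts in access logs, including encoded and double-encoded forms.

Added example; not code from the MCP-Docusaurus project. The log format, endpoint
names and every sample line below are constructed for illustration.
"""
import re
from urllib.parse import unquote

# Constructed combined-log-style lines: one clean request, four traversal attempts
# in different encodings, and a legitimate name containing '..' that must not fire.
SAMPLE_LOG = """\
10.0.0.5 - - [05/May/2026:10:01:02 +0300] "GET /get_content?path=guide/intro.md HTTP/1.1" 200 1532
10.0.0.9 - - [05/May/2026:10:01:07 +0300] "GET /get_content?path=../../../etc/passwd HTTP/1.1" 200 2201
10.0.0.9 - - [05/May/2026:10:01:09 +0300] "GET /get_content?path=%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 403 0
10.0.0.9 - - [05/May/2026:10:01:11 +0300] "POST /delete_document?path=%252e%252e%252fconfig.yml HTTP/1.1" 200 0
10.0.0.7 - - [05/May/2026:10:01:15 +0300] "GET /get_content?path=..%5c..%5cwindows%5cwin.ini HTTP/1.1" 404 0
10.0.0.5 - - [05/May/2026:10:01:20 +0300] "GET /get_content?path=notes/2026..draft.md HTTP/1.1" 200 812
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Endpoint names assumed from the function names in the NVD description.
DOC_ENDPOINTS = ("/get_content", "/update_document", "/continue_document", "/delete_document")


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded), so %252e%252e is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(raw_path_param: str) -> bool:
    """True if the parameter holds a '..' segment after decoding and separator folding.

    'notes/2026..draft.md' is not flagged: '..' must be a whole segment, not part of a name.
    """
    decoded = fully_decode(raw_path_param).replace("\\", "/")
    return any(segment == ".." for segment in decoded.split("/"))


def scan_log(text: str):
    """Yield (ip, timestamp, endpoint, decoded_path, status) for each traversal attempt."""
    for line in text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        endpoint, _, query = match.group("target").partition("?")
        if endpoint not in DOC_ENDPOINTS:
            continue
        params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
        raw = params.get("path", "")
        if has_traversal(raw):
            yield (match.group("ip"), match.group("ts"), endpoint, fully_decode(raw), int(match.group("status")))


def hits_by_ip(text: str) -> dict:
    """Count flagged requests per source IP: the correlation a SIEM rule would perform."""
    counts: dict = {}
    for ip, *_ in scan_log(text):
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
    print(hits_by_ip(SAMPLE_LOG))
```

Decoding is bounded and repeated so that %252e%252e%252f (double encoding) and mixed forms such as ..%5c are normalised before the check. Hits answered with status 200 are the ones to investigate first, since they indicate the request was served rather than blocked; hits_by_ip gives the per-source count that the SIEM correlation in step 15 asks for.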
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information Security Policies and Procedures
A.6.1.1 - Access Control Policy
A.6.2.1 - User Registration and De-registration
A.6.2.2 - User Access Rights
A.7.1.1 - Cryptography Policy
A.8.1.1 - Audit Logging
A.8.2.1 - Protection of Log Information
A.12.4.1 - Event Logging
A.12.6.1 - Management of Technical Vulnerabilities
Note: these identifiers follow ISO/IEC 27001:2013 Annex A numbering, not the ECC's own numbered subdomains (the relevant ones sit under domain 2, Cybersecurity Defence: Vulnerability Management, and Cybersecurity Event Logs and Monitoring Management). Re-map them against the ECC control set before citing them in an assessment.
🔵 SAMA CSF
Governance (GV) - GV-RO-01: Risk Oversight
Governance (GV) - GV-RM-01: Risk Management Program
Protect (PR) - PR-AC-01: Access Control
Protect (PR) - PR-AC-02: Privileged Access Management
Protect (PR) - PR-DS-01: Data Security
Detect (DE) - DE-CM-01: Continuous Monitoring
Detect (DE) - DE-AE-01: Anomaly Detection
Respond (RS) - RS-RP-01: Response Planning
Note: SAMA CSF controls are numbered by domain and subdomain (3.x.y); the GV/PR/DE/RS labels above are descriptive groupings, not SAMA control identifiers.
🟡 ISO 27001:2022
5.3 - Segregation of Duties
6.1.1 - Information Security Policies
6.2 - Information Security Risk Assessment
8.1 - Operational Planning and Control
8.2.1 - User Endpoint Devices
8.2.3 - Removable Media
8.3.1 - Information and Other Assets
8.3.4 - Removal of Assets
A.5.1.1 - Policies for Information Security
A.6.1.1 - Access Control Policy
A.6.2.1 - User Registration and De-registration
A.8.1.1 - Audit Logging
A.12.6.1 - Management of Technical Vulnerabilities
Note: the A.x.y.z entries use 2013-edition numbering, and several of the clause numbers do not match the 2022 edition. In ISO/IEC 27001:2022 the Annex A controls that apply here are 5.15 (Access control), 8.8 (Management of technical vulnerabilities), 8.15 (Logging) and 8.16 (Monitoring activities), and information security risk assessment is clause 6.1.2.
🟣 PCI DSS v4.0.1
1.1 - Firewall Configuration Standards
2.1 - Always Change Vendor-Supplied Defaults
6.2 - Ensure Security Patches Installed
6.5.1 - Injection Flaws
6.5.8 - Improper Access Control
10.1 - Implement Automated Audit Trails
10.2.1 - User Identification
10.2.4 - Invalid Access Attempts
Note: 6.5.1 and 6.5.8 are PCI DSS v3.2.1 requirement numbers. In v4.0.1 the equivalent requirements are 6.2.4 (software engineering techniques against common software attacks, including injection), 6.3.3 (security patches applied) and 10.2.1.4 (logging of invalid logical access attempts).
📊 CVSS Score
7.3 / 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector (AV:N): Network
Attack Complexity (AC:L): Low
Privileges Required (PR:N): None
User Interaction (UI:N): None
Scope (S:U): Unchanged
Confidentiality (C:L): Low
Integrity (I:L): Low
Availability (A:L): Low
Read together: an unauthenticated network attacker needs no user interaction and no special conditions, and the impact stays within the vulnerable component. It is the three Low impact ratings, not the attack prerequisites, that keep the score in the High band rather than Critical; if a deployment lets delete_document or update_document reach configuration or system files, the practical impact is higher than the base score suggests.
📋 Quick Facts
Severity: High
CVSS Score: 7.3
CWE: CWE-22
EPSS: 0.06%
Exploit: No (feed flag only; the NVD description states that a public exploit has been released, so treat exploit availability as confirmed when prioritising)
Patch: ✗ No
Published: 2026-05-05
Source Feed: nvd
🇸🇦 Saudi Risk Score
8.2 / 10.0 — Saudi Risk
Priority: CRITICAL
🏷️ Tags
CWE-22