{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7159", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-26T20:16:29.785Z", "datePublished": "2026-04-27T21:15:14.082Z", "dateUpdated": "2026-04-28T12:49:01.319Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-27T21:15:14.082Z"}, "title": "douinc mkdocs-mcp-plugin server.py list_documents path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "Path Traversal"}]}], "affected": [{"vendor": "douinc", "product": "mkdocs-mcp-plugin", "versions": [{"version": "0.4.0", "status": "affected"}, {"version": "0.4.1", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read_document/list_documents of the file server.py. Performing a manipulation of the argument docs_dir/file_path results in path traversal. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor confirms, that the \"fix will be published within a few days.\""}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:C"}}], "timeline": [{"time": "2026-04-26T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-26T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-26T22:21:34.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "SmallW (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/359758", "name": "VDB-359758 | douinc mkdocs-mcp-plugin server.py list_documents path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/359758/cti", "name": "VDB-359758 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/802063", "name": "Submit #802063 | douinc mkdocs-mcp-plugin 0.4.1 Path Traversal", "tags": ["third-party-advisory"]}, {"url": "https://github.com/douinc/mkdocs-mcp-plugin/issues/6", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/douinc/mkdocs-mcp-plugin/issues/6#issuecomment-4223718119", "tags": ["issue-tracking"]}, {"url": "https://github.com/douinc/mkdocs-mcp-plugin/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-28T12:48:53.676939Z", "id": "CVE-2026-7159", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T12:49:01.319Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read_document/list_documents of the file server.py. Performing a manipulation of the argument docs_dir/file_path results in path traversal. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor confirms, that the \"fix will be published within a few days.\""}], "id": "CVE-2026-7159", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-27T22:16:18.480", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/douinc/mkdocs-mcp-plugin/"}, {"source": "cna@vuldb.com", "url": "https://github.com/douinc/mkdocs-mcp-plugin/issues/6"}, {"source": "cna@vuldb.com", "url": "https://github.com/douinc/mkdocs-mcp-plugin/issues/6#issuecomment-4223718119"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/802063"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/359758"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/359758/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.4.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.4.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "mkdocs-mcp-plugin", "source": "cna", "vendor": "douinc"}, "product": "mkdocs-mcp-plugin", "vendor": "douinc"}], "analysis": {"en": {"generated_at": "2026-04-28T12:49:14.750211+00:00", "value": {"mitigation_remediation": ["Apply the vendor-published patch once it becomes available (upgrade to a version newer than 0.4.1).", "If upgrading immediately is not possible, restrict network access to the plugin\u2019s API or disable the affected endpoints.", "Alternatively, configure the server to validate and sanitize the docs_dir and file_path arguments, rejecting any string containing '..' or absolute paths."], "summary": {"action": "Patch Now", "impact": "Remote File Access via Directory Traversal"}, "threat_synthesis": {"affected_systems": "The issue affects douinc mkdocs-mcp-plugin versions up to and including 0.4.1. Any installation that has not applied the forthcoming fix is susceptible.", "description_and_impact": "The vulnerability occurs in the read_document and list_documents functions of server.py in mkdocs-mcp-plugin. By manipulating the docs_dir or file_path parameters, an attacker can perform path traversal. The flaw is exploitable remotely, allowing the attacker to read files outside the intended directory and potentially disclose sensitive data, thereby compromising confidentiality.", "risk_and_exploitability": "The CVSS score of 6.9 indicates a moderate severity. No EPSS data is available, but the vulnerability has already been exposed publicly, meaning that exploitation is feasible. It is not listed in CISA KEV. Attackers can trigger the flaw from the network by sending crafted requests to the plugin\u2019s API, potentially bypassing normal file boundaries."}}}}, "created": "2026-04-28T09:16:52.526347+00:00", "updated": "2026-04-28T13:00:15.231148+00:00", "vendors": ["douinc", "douinc$PRODUCT$mkdocs-mcp-plugin"]}