{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7205", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-27T14:02:16.278Z", "datePublished": "2026-04-28T00:30:16.918Z", "dateUpdated": "2026-04-28T14:34:29.738Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-28T00:30:16.918Z"}, "title": "duartium papers-mcp-server main.py search_papers path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "Path Traversal"}]}], "affected": [{"vendor": "duartium", "product": "papers-mcp-server", "versions": [{"version": "9ceb3812a6458ba7922ca24a7406f8807bc55598", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search_papers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-27T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-27T16:07:22.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "SmallW (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/359805", "name": "VDB-359805 | duartium papers-mcp-server main.py search_papers path traversal", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/359805/cti", "name": "VDB-359805 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/802080", "name": "Submit #802080 | duartium papers-mcp-server 0.1.0 Path Traversal", "tags": ["third-party-advisory"]}, {"url": "https://github.com/duartium/papers-mcp-server/issues/1", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/duartium/papers-mcp-server/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-28T13:55:48.882790Z", "id": "CVE-2026-7205", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T14:34:29.738Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search_papers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet."}], "id": "CVE-2026-7205", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-28T01:16:01.970", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/duartium/papers-mcp-server/"}, {"source": "cna@vuldb.com", "url": "https://github.com/duartium/papers-mcp-server/issues/1"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/802080"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/359805"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/359805/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "9ceb3812a6458ba7922ca24a7406f8807bc55598"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "papers-mcp-server", "source": "cna", "vendor": "duartium"}, "product": "papers-mcp-server", "vendor": "duartium"}], "analysis": {"en": {"generated_at": "2026-04-28T12:35:37.936574+00:00", "value": {"mitigation_remediation": ["Validate and sanitize the 'topic' input to remove or reject path traversal sequences before the value is used to build file paths.", "Run the papers\u2011mcp\u2011server process in a confined environment, such as a chroot jail or with strict file\u2011system permissions, so that even if traversal succeeds it cannot reach critical system files.", "Implement monitoring that logs attempts to access disallowed paths and alert administrators when such attempts occur.", "Check the project's repository for an updated commit that addresses the bug; if a fix becomes available, apply it promptly."], "summary": {"action": "Monitor", "impact": "Remote Path Traversal (local file disclosure)"}, "threat_synthesis": {"affected_systems": "The affected product is duartium's papers\u2011mcp\u2011server, specifically the version identified by commit 9ceb3812a6458ba7922ca24a7406f8807bc55598. No other vendors or product variants are listed in the CNA data.", "description_and_impact": "The flaw resides in the search_papers function of src/main.py. By manipulating the query parameter topic, an attacker can craft a request that causes the application to construct a filesystem path containing directory traversal sequences such as ../. This allows the server to access files outside its intended directory, potentially revealing sensitive data. The vulnerability can be triggered remotely and the exploit code is publicly available.", "risk_and_exploitability": "The CVSS score of 6.9 indicates a medium severity risk. Because the EPSS score is not provided, the exact likelihood of exploitation is unclear, but the vulnerability is listed as not in the CISA KEV catalog. The public availability of an exploit and the ability to conduct the attack remotely increase the practical risk. An adversary could read arbitrary files on the host, which may contain configuration settings, secrets, or user data."}}}}, "created": "2026-04-28T09:16:37.747124+00:00", "updated": "2026-04-28T12:45:31.386360+00:00", "vendors": ["duartium", "duartium$PRODUCT$papers-mcp-server"]}