Cyber Resilience

CVE-2026-7205

Medium

Published: 28 April 2026

Published
28 April 2026
Modified
29 April 2026
KEV Added
Patch
CVSS Score v4 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0007 20.6th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7205 is a medium-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-7205 is a path traversal vulnerability (CWE-22) in the duartium papers-mcp-server project, specifically impacting the search_papers function in the file src/main.py at commit 9ceb3812a6458ba7922ca24a7406f8807bc55598. Published on 2026-04-28, the issue allows manipulation of the 'topic' argument and carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).

The vulnerability enables remote exploitation by unauthenticated attackers requiring only network access and low attack complexity. Successful exploitation can result in limited impacts to confidentiality, integrity, and availability, such as unauthorized access to files outside the intended directory.

Advisories from VulDB indicate the project was informed early through GitHub issue #1 but has not responded, with no patches or official mitigations available as of the latest reports. Relevant references include the GitHub repository at https://github.com/duartium/papers-mcp-server/, the issue tracker at https://github.com/duartium/papers-mcp-server/issues/1, and VulDB entries at https://vuldb.com/vuln/359805.

A publicly available exploit exists and might be used in attacks.

EU & UK References

Vulnerability details

A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search_papers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might…

more

be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE(s)

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Protocol-Specific Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: mcp

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

Path traversal in public-facing server enables remote exploitation (T1190); allows unauthorized file access outside intended directory facilitating data collection from local system (T1005).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-7149Shared CWE-22
CVE-2026-7272Shared CWE-22
CVE-2026-7386Shared CWE-22
CVE-2026-7319Shared CWE-22
CVE-2026-7594Shared CWE-22
CVE-2026-7315Shared CWE-22
CVE-2026-7212Shared CWE-22
CVE-2026-7810Shared CWE-22
CVE-2025-61913Shared CWE-22
CVE-2026-7384Shared CWE-22

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents path traversal by implementing input validation mechanisms on the 'topic' argument in the search_papers function to reject traversal sequences like '../'.

prevent

Requires timely identification, reporting, and correction of the path traversal flaw in src/main.py of duartium papers-mcp-server.

preventdetect

Scans the application for vulnerabilities like CVE-2026-7205 path traversal and supports remediation or compensating controls.

References