CVE-2026-7205
Published: 28 April 2026
Summary
CVE-2026-7205 is a high-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents path traversal by implementing input validation mechanisms on the 'topic' argument in the search_papers function to reject traversal sequences like '../'.
Requires timely identification, reporting, and correction of the path traversal flaw in src/main.py of duartium papers-mcp-server.
Scans the application for vulnerabilities like CVE-2026-7205 path traversal and supports remediation or compensating controls.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal in public-facing server enables remote exploitation (T1190); allows unauthorized file access outside intended directory facilitating data collection from local system (T1005).
NVD Description
A vulnerability was identified in duartium papers-mcp-server 9ceb3812a6458ba7922ca24a7406f8807bc55598. Impacted is the function search_papers of the file src/main.py. Such manipulation of the argument topic leads to path traversal. The attack may be launched remotely. The exploit is publicly available and might…
more
be used. The project was informed of the problem early through an issue report but has not responded yet.
Deeper analysisAI
CVE-2026-7205 is a path traversal vulnerability (CWE-22) in the duartium papers-mcp-server project, specifically impacting the search_papers function in the file src/main.py at commit 9ceb3812a6458ba7922ca24a7406f8807bc55598. Published on 2026-04-28, the issue allows manipulation of the 'topic' argument and carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).
The vulnerability enables remote exploitation by unauthenticated attackers requiring only network access and low attack complexity. Successful exploitation can result in limited impacts to confidentiality, integrity, and availability, such as unauthorized access to files outside the intended directory.
Advisories from VulDB indicate the project was informed early through GitHub issue #1 but has not responded, with no patches or official mitigations available as of the latest reports. Relevant references include the GitHub repository at https://github.com/duartium/papers-mcp-server/, the issue tracker at https://github.com/duartium/papers-mcp-server/issues/1, and VulDB entries at https://vuldb.com/vuln/359805.
A publicly available exploit exists and might be used in attacks.
Details
- CWE(s)
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: mcp