Cyber Resilience

CVE-2026-7319

Medium

Published: 28 April 2026

Published
28 April 2026
Modified
29 April 2026
KEV Added
Patch
CVSS Score v4 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0015 35.4th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7319 is a medium-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 35.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-7319 is a path traversal vulnerability (CWE-22) affecting elinsky execution-system-mcp version 0.1.0. The flaw exists in the _get_context_file_path function located in the file src/execution_system_mcp/server.py within the add_action Tool component. Manipulation of the 'context' argument triggers the path traversal issue.

The vulnerability carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), rated as high severity. Remote attackers can exploit it without privileges or user interaction, requiring only low attack complexity over the network. Successful exploitation enables limited impacts on confidentiality, integrity, and availability through path traversal.

Advisories and further details are available in the project's GitHub repository at https://github.com/elinsky/execution-system-mcp/ and issue tracker at https://github.com/elinsky/execution-system-mcp/issues/1, along with VulDB entries such as https://vuldb.com/vuln/359972 and https://vuldb.com/vuln/359972/cti. The exploit has been published and may be used.

EU & UK References

Vulnerability details

A flaw has been found in elinsky execution-system-mcp 0.1.0. The impacted element is the function _get_context_file_path of the file src/execution_system_mcp/server.py of the component add_action Tool. This manipulation of the argument context causes path traversal. The attack can be initiated remotely.…

more

The exploit has been published and may be used.

CWE(s)

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Protocol-Specific Risks
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: mcp

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

Path traversal in public-facing server component enables remote unauthenticated exploitation (T1190) and direct unauthorized file access for local data collection (T1005).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-7149Shared CWE-22
CVE-2026-7272Shared CWE-22
CVE-2026-7386Shared CWE-22
CVE-2026-7205Shared CWE-22
CVE-2026-7594Shared CWE-22
CVE-2026-7315Shared CWE-22
CVE-2026-7212Shared CWE-22
CVE-2026-7810Shared CWE-22
CVE-2025-61913Shared CWE-22
CVE-2026-7384Shared CWE-22

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires validation of the 'context' argument in _get_context_file_path to block path traversal sequences like '../', directly preventing remote exploitation.

prevent

Mandates timely identification, reporting, and correction of the path traversal flaw in elinsky execution-system-mcp 0.1.0 server.py.

prevent

Enforces restrictions on inputs to the 'context' argument, prohibiting traversal characters and limiting manipulation in the add_action Tool component.

References