Cyber Resilience

CVE-2026-7384

Medium

Published: 29 April 2026

Modified: 29 April 2026

CVSS v4.0 score: 5.5 (vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0007 (20.6th percentile)
Risk priority: 11 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-7384 is a medium-severity Path Traversal (CWE-22) vulnerability. Its CVSS v4.0 base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 20.6th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related: it is categorised under AI Agent Protocols and Integrations, in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-7384 is a path traversal vulnerability (CWE-22) in the ezequiroga mcp-bases project, specifically affecting the search_papers function within the research_server.py file at commits 357ca19c7a49a9b9cb2ef639b366f03aba8bea39 and c630b8ab0f970614d42da8e566e9c0d15a16414c. This flaw allows attackers to manipulate the 'topic' argument to traverse directories and access unintended files. The vulnerability carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and was published on 2026-04-29.

The vulnerability enables remote exploitation without requiring authentication or user interaction. Attackers can send crafted requests to the affected search_papers endpoint, exploiting the path traversal to read sensitive files, modify data, or disrupt service availability, albeit with low impact levels across confidentiality, integrity, and availability as per the CVSS metrics.

Advisories from VulDB and the project's GitHub repository (ezequiroga/mcp-bases/issues/2) indicate that the issue was reported early, but the maintainers have not yet responded or issued patches. The project uses a rolling release model, providing no specific version details for affected or remediated releases; practitioners should monitor the repository for updates.

The exploit is publicly available, increasing the risk of immediate abuse, though no confirmed real-world exploitation has been reported in the provided details.


Vulnerability details

A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search_papers of the file research_server.py. Performing a manipulation of the argument topic results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.


AI Security Analysis

AI Category: AI Agent Protocols and Integrations
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: mcp

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1083 File and Directory Discovery (Discovery)
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

Why these techniques?

Path traversal in public-facing search_papers endpoint enables remote unauthenticated file access (T1190) for reading local data (T1005) and directory traversal (T1083).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-7159 (shared CWE-22)
CVE-2026-7149 (shared CWE-22)
CVE-2026-7272 (shared CWE-22)
CVE-2026-7386 (shared CWE-22)
CVE-2026-7205 (shared CWE-22)
CVE-2026-7319 (shared CWE-22)
CVE-2026-7594 (shared CWE-22)
CVE-2026-7315 (shared CWE-22)
CVE-2026-7212 (shared CWE-22)
CVE-2026-7810 (shared CWE-22)

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly validates the 'topic' argument in the search_papers function to block path traversal sequences like '../'.

Prevent: Remediates the specific path traversal flaw in research_server.py through timely patching or updates from the project's rolling release.

Detect: Monitors the system for indicators of path traversal exploitation, such as anomalous directory access or file reads via the search_papers endpoint.
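The input-validation control above, shown as an added illustration that is not the mcp-bases project's own research_server.py: a naive path join of the kind CWE-22 describes next to a hardened lookup that allowlists the topic and then confirms the resolved path stays under the papers directory. The directory layout (PAPERS_DIR/<topic>/papers_info.json), the slug format and the function names are assumptions made for the example.

```python
"""Hardened handling of a user-supplied 'topic' used to select a papers directory.

Illustrative code only; it is not the mcp-bases project's research_server.py.
Assumed layout (not taken from the project): PAPERS_DIR/<topic>/papers_info.json.
"""
import json
import os
import re
from pathlib import Path

# Constructed default for the example; override with the PAPERS_DIR environment variable.
PAPERS_DIR = Path(os.environ.get("PAPERS_DIR", "papers")).resolve()

# Allowlist: a topic is a short slug of letters, digits, '_' and '-'. Anything else
# (separators, '..', NUL bytes, absolute paths, empty input) is refused before any I/O.
TOPIC_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}")


class InvalidTopic(ValueError):
    """Raised when a topic fails the allowlist or resolves outside the papers directory."""


def naive_topic_path(topic: str, base: Path = PAPERS_DIR) -> Path:
    """The CWE-22 pattern: untrusted input joined straight onto a base directory.
    '..' components walk upward, and os.path.join drops 'base' when 'topic' is absolute."""
    return Path(os.path.join(base, topic, "papers_info.json"))


def safe_topic_path(topic: str, base: Path = PAPERS_DIR) -> Path:
    """Two independent layers: a syntactic allowlist, then a containment check on the
    fully resolved path (defence in depth should the allowlist ever be loosened)."""
    if not TOPIC_RE.fullmatch(topic):
        raise InvalidTopic(f"topic rejected by allowlist: {topic!r}")
    root = base.resolve()
    candidate = (root / topic / "papers_info.json").resolve()
    # resolve() follows symlinks, so a topic directory symlinked outside root is caught too.
    if not candidate.is_relative_to(root):
        raise InvalidTopic("resolved path escapes the papers directory")
    return candidate


def is_rejected(topic: str, base: Path = PAPERS_DIR) -> bool:
    """True if safe_topic_path refuses the topic; handy for tests and for logging denials."""
    try:
        safe_topic_path(topic, base)
    except InvalidTopic:
        return True
    return False


def search_papers(topic: str, base: Path = PAPERS_DIR) -> list:
    """Hardened lookup: sorted paper IDs stored for the topic, or [] if none are stored."""
    path = safe_topic_path(topic, base)
    if not path.is_file():
        return []
    with path.open(encoding="utf-8") as fh:
        return sorted(json.load(fh).keys())
```

Log each InvalidTopic denial with the offending value; those entries are the cheapest signal for the "detect" control, since a legitimate client never sends separators or '..' in a topic.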
