CVE-2026-7384
Published: 29 April 2026
Summary
CVE-2026-7384 is a medium-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 20.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised as AI Agent Protocols and Integrations, in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-7384 is a path traversal vulnerability (CWE-22) in the ezequiroga mcp-bases project, specifically affecting the search_papers function within the research_server.py file at commits 357ca19c7a49a9b9cb2ef639b366f03aba8bea39 and c630b8ab0f970614d42da8e566e9c0d15a16414c. This flaw allows attackers to manipulate the 'topic' argument to traverse directories and access unintended files. The vulnerability carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and was published on 2026-04-29.
The vulnerability enables remote exploitation without requiring authentication or user interaction. Attackers can send crafted requests to the affected search_papers endpoint, exploiting the path traversal to read sensitive files, modify data, or disrupt service availability, albeit with low impact levels across confidentiality, integrity, and availability as per the CVSS metrics.
Advisories from VulDB and the project's GitHub repository (ezequiroga/mcp-bases/issues/2) indicate that the issue was reported early, but the maintainers have not yet responded or issued patches. The project uses a rolling release model, providing no specific version details for affected or remediated releases; practitioners should monitor the repository for updates.
The exploit is publicly available, increasing the risk of immediate abuse, though no confirmed real-world exploitation has been reported in the provided details.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-26238
Vulnerability details
A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search_papers of the file research_server.py. Performing a manipulation of the argument topic results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
AI Security Analysis
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: mcp
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal in public-facing search_papers endpoint enables remote unauthenticated file access (T1190) for reading local data (T1005) and directory traversal (T1083).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly validates the 'topic' argument in the search_papers function to block path traversal sequences like '../'.
- SI-2 (Flaw Remediation): Remediates the specific path traversal flaw in research_server.py through timely patching or updates from the project's rolling release.
- Monitors the system for indicators of path traversal exploitation, such as anomalous directory access or file reads via the search_papers endpoint.
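The input-validation and monitoring controls above, as an added Python example that is not code from the ezequiroga/mcp-bases project. It shows a naive join of a user-supplied topic onto a papers directory (the CWE-22 pattern the advisory describes) beside a hardened resolver that allow-lists the topic and confirms the resolved path stays inside the base directory, plus a small scan over constructed request-log lines for traversal indicators. The base directory, the topic normalization (lower-case, spaces to underscores), the function names and the log format are all assumptions; the real server's layout is not known here.

```python
"""
Added example, not the project's code: confining a user-supplied "topic"
to a subdirectory of a fixed papers directory, and flagging traversal
indicators in request logs. All names and formats here are hypothetical.
"""
import re
import tempfile
from pathlib import Path

# Hypothetical base directory (assumption, not the project's real layout).
PAPERS_DIR = Path(tempfile.gettempdir()) / "papers_example"

# Allow-list: a topic is a short token of lowercase letters, digits, '-' and '_'.
TOPIC_RE = re.compile(r"^[a-z0-9][a-z0-9_-]{0,63}$")

# Raw and URL-encoded traversal sequences worth flagging in logs.
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\|%2e%2e%2f|%2e%2e/|\.\.%2f)", re.IGNORECASE)


def _normalize(topic: str) -> str:
    """Assumed normalization: lower-case and replace spaces with underscores."""
    return topic.lower().replace(" ", "_")


def naive_topic_dir(topic: str, base: Path = PAPERS_DIR) -> Path:
    """Naive join: '../' or an absolute path in topic walks out of base."""
    return base / _normalize(topic)


def escapes_base(topic: str, base: Path = PAPERS_DIR) -> bool:
    """True when the naive join resolves outside base (shows the defect)."""
    resolved = naive_topic_dir(topic, base).resolve()
    base_resolved = base.resolve()
    return resolved != base_resolved and base_resolved not in resolved.parents


def safe_topic_dir(topic: str, base: Path = PAPERS_DIR) -> Path:
    """Allow-list the topic, then verify the resolved path is a direct child of base."""
    normalized = _normalize(topic)
    if not TOPIC_RE.fullmatch(normalized):
        raise ValueError(f"invalid topic: {topic!r}")
    base_resolved = base.resolve()
    candidate = (base_resolved / normalized).resolve()
    # Defense in depth: containment holds even if the regex is later loosened.
    if candidate.parent != base_resolved:
        raise ValueError(f"topic escapes papers directory: {topic!r}")
    return candidate


def is_valid_topic(topic: str, base: Path = PAPERS_DIR) -> bool:
    """Boolean wrapper around safe_topic_dir for callers that prefer no exception."""
    try:
        safe_topic_dir(topic, base)
        return True
    except ValueError:
        return False


# Constructed request-log lines (not real traffic) for the monitoring check.
CONSTRUCTED_LOG = [
    'req=search_papers topic="quantum computing"',
    'req=search_papers topic="../../etc/passwd"',
    'req=search_papers topic="%2e%2e%2fsecrets"',
    'req=search_papers topic="graph-neural-nets"',
]


def flag_traversal(lines):
    """Return the log lines that carry a traversal indicator."""
    return [line for line in lines if TRAVERSAL_RE.search(line)]


if __name__ == "__main__":
    print("naive escapes:", escapes_base("../../etc/passwd"))
    print("safe path:", safe_topic_dir("Quantum Computing"))
    print("valid?", is_valid_topic("../../etc/passwd"))
    for hit in flag_traversal(CONSTRUCTED_LOG):
        print("ALERT:", hit)
```

The allow-list rejects the traversal string before any filesystem call, and the containment check on the resolved path guards against a future regex loosening or a symlink under the base directory; the log scan is a coarse first signal that should be paired with the anomalous-file-read monitoring the control describes.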