Cyber Posture

CVE-2026-7404

High

Published: 29 April 2026

Modified: 29 April 2026
KEV Added: (not listed)
Patch: (none listed)
CVSS Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0002 (6.7th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-7404 is a high-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 6.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and two other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 (prevent): directly prevents path traversal by requiring validation of the untrusted 'detail' argument in the delete_shared_prompt function.

SI-2 (prevent, recover): mandates identification, reporting, and correction of flaws like this relative path traversal vulnerability, including monitoring for patches.

SC-7 (prevent): limits remote exploitation of the unauthenticated path traversal by enforcing boundary protections and restricting network access to the vulnerable server.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System (Collection): Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1070.004 File Deletion (Stealth): Adversaries may delete files left behind by the actions of their intrusion activity.
Why these techniques?

The relative path traversal vulnerability in a public-facing unauthenticated server directly enables remote exploitation of the application (T1190) and facilitates unauthorized local file access (T1005) and deletion/modification (T1070.004) via the 'detail' argument in delete_shared_prompt.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function delete_shared_prompt of the file src/mcpo_simple_server/services/prompt_manager/base_manager.py. This manipulation of the argument detail causes relative path traversal. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Deeper analysis

CVE-2026-7404 is a relative path traversal vulnerability (CWE-22, CWE-23) in getsimpletool mcpo-simple-server versions up to 0.2.0. The flaw resides in the delete_shared_prompt function within the file src/mcpo_simple_server/services/prompt_manager/base_manager.py, where manipulation of the 'detail' argument triggers the traversal.

Attackers can exploit this remotely without authentication, privileges, or user interaction, given the CVSS v3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L (base score 7.3). Exploitation enables limited impacts on confidentiality, integrity, and availability, such as unauthorized file access or modification via path traversal.

References indicate the project was notified early via GitHub issue #4 but has not responded, with no patches or mitigations detailed in VulDB advisories. Security practitioners should restrict network access to affected servers and monitor the repository at https://github.com/getsimpletool/mcpo-simple-server for updates.

A public exploit is available, heightening the risk of real-world attacks against exposed instances. The prompt_manager component suggests relevance to AI/ML prompt handling workflows.
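As an added illustration of the SI-10 input validation recommended above for the 'detail' argument, here is a delete routine that accepts only a bare prompt name and then confirms the resolved path still lies inside the store directory. This is example code, not code from mcpo-simple-server; the store class, the one-JSON-file-per-prompt layout and all names are assumptions.

```python
"""Added example, not code from mcpo-simple-server: a shared-prompt store whose
delete routine validates the untrusted name before it ever becomes a path."""
import tempfile
from pathlib import Path


class SharedPromptStore:
    def __init__(self, root: str) -> None:
        # Resolve once so symlinked temp dirs compare equal to their real path.
        self.root = Path(root).resolve()

    @staticmethod
    def safe_name(name: str) -> bool:
        """Accept only a bare file name: no separators, NUL, '.', '..' or empty."""
        if not name or name in (".", "..") or any(c in name for c in "/\\\x00"):
            return False
        return Path(name).name == name

    def _prompt_path(self, name: str) -> Path:
        if not self.safe_name(name):
            raise ValueError(f"rejected prompt name: {name!r}")
        candidate = (self.root / f"{name}.json").resolve()
        # Second line of defence: after following symlinks the file must still sit in root.
        if candidate.parent != self.root:
            raise ValueError(f"prompt path escapes store: {name!r}")
        return candidate

    def delete_shared_prompt(self, name: str) -> bool:
        """Delete the prompt; False if absent, ValueError if the name is unsafe."""
        path = self._prompt_path(name)
        if not path.is_file():
            return False
        path.unlink()
        return True


def self_check() -> dict:
    """Run the store against constructed files in a temp directory; returns outcomes."""
    root = tempfile.mkdtemp()
    store = SharedPromptStore(root)
    (Path(root) / "greeting.json").write_text("{}")   # constructed sample prompt
    results = {"deleted": store.delete_shared_prompt("greeting"),
               "gone": not (Path(root) / "greeting.json").exists(),
               "rejected": []}
    for bad in ("../greeting", "..", "sub/greeting", "", "greet\x00ing"):
        try:
            store.delete_shared_prompt(bad)
        except ValueError:
            results["rejected"].append(bad)   # each unsafe name must be refused
    return results
```

Rejecting the name before building a path, and then re-checking the resolved path, means a traversal-style or symlinked name never reaches unlink().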

Details

CWE(s)

CVEs Like This One

CVE-2025-29789 (shared: CWE-22, CWE-23)
CVE-2026-27202 (shared: CWE-22, CWE-23)
CVE-2026-3464 (shared: CWE-22)
CVE-2026-33686 (shared: CWE-22)
CVE-2025-30005 (shared: CWE-22)
CVE-2026-33493 (shared: CWE-22)
CVE-2025-70084 (shared: CWE-22)
CVE-2025-1599 (shared: CWE-22, CWE-23)
CVE-2026-21659 (shared: CWE-22, CWE-23)
CVE-2025-9801 (shared: CWE-22)

References