Cyber Resilience

CVE-2026-7788

Medium

Published: 05 May 2026

Published
05 May 2026
Modified
05 May 2026
KEV Added
Patch
CVSS Score v4 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0007 20.6th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7788 is a medium-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 20.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-7788 is a path traversal vulnerability (CWE-22) affecting Axle-Bucamp MCP-Docusaurus up to commit 404bc028e15ec304c9a045528560f4b5f27a17e0. The flaw resides in the update_document, continue_document, delete_document, and get_content functions within the file app/routes/document.py, where manipulation of the DOCS_DIR/path argument enables traversal outside intended directories. This issue was published on 2026-05-05 and carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), rated as high severity.

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, potentially enabling unauthorized read, write, or deletion of files outside the intended document directory.

Advisories note that the project uses a rolling release model, providing no specific affected or patched version details. The developers were informed early via GitHub issue #2 but have not responded. An exploit is publicly available, increasing risk. Relevant resources include the project repository at https://github.com/Axle-Bucamp/MCP-Docusaurus/, the issue tracker at https://github.com/Axle-Bucamp/MCP-Docusaurus/issues/2, and VulDB entries at https://vuldb.com/vuln/360994 and related pages.

EU & UK References

Vulnerability details

A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function update_document/continue_document/delete_document/get_content of the file app/routes/document.py. Performing a manipulation of the argument DOCS_DIR/path results in path traversal. The attack may be initiated remotely.…

more

The exploit has been released to the public and may be used for attacks. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.

CWE(s)

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: mcp

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
Why these techniques?

Path traversal in public-facing document management functions directly enables remote file read (T1005), deletion (T1070.004), arbitrary write for tool ingress (T1105), and initial access via exploitation of the exposed app (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-7811Shared CWE-22
CVE-2026-40576Shared CWE-22
CVE-2026-7237Shared CWE-22
CVE-2026-7149Shared CWE-22
CVE-2026-7272Shared CWE-22
CVE-2026-7386Shared CWE-22
CVE-2026-7205Shared CWE-22
CVE-2026-7319Shared CWE-22
CVE-2026-7594Shared CWE-22
CVE-2026-7315Shared CWE-22

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly blocks manipulation of the DOCS_DIR/path argument by validating inputs to reject path traversal sequences before any document operations execute.

prevent

Enforces access control policies on file-system resources so that even a crafted path cannot read, write, or delete files outside the intended DOCS_DIR.

prevent

Mediates information flow between the web request and the file system, limiting traversal to only explicitly permitted directories and operations.

References