CVE-2026-7205: High-Severity Path Traversal in duartium papers-mcp-server
The National Vulnerability Database (NVD) has identified CVE-2026-7205, a high-severity path traversal vulnerability (CVSS 7.3) in duartium papers-mcp-server, specifically version 9ceb3812a6458ba7922ca24a7406f8807bc55598. This flaw resides within the search_papers function in src/main.py, where manipulation of the topic argument allows remote attackers to traverse directories.
This isn’t theoretical; an exploit is publicly available, significantly lowering the bar for attackers. The project maintainers were reportedly informed via an issue report but have not yet responded, leaving a critical window open for exploitation. Attackers will leverage this lack of response and the public exploit to gain unauthorized access to files and potentially sensitive data on affected servers.
Defenders need to understand the attacker’s calculus here: a public exploit and an unresponsive vendor mean this vulnerability is ripe for automated scanning and opportunistic exploitation. Any organization running this specific version of duartium papers-mcp-server is a sitting duck until a patch or mitigation is in place. Path traversal can lead to information disclosure, arbitrary file writes, or even remote code execution depending on the server’s configuration and the attacker’s ingenuity.
What This Means For You
- If your organization uses duartium papers-mcp-server, specifically version 9ceb3812a6458ba7922ca24a7406f8807bc55598, you are directly exposed to CVE-2026-7205. Immediately identify instances of this server in your environment. If you cannot patch, isolate these systems and implement stringent input validation on the `topic` argument if possible, or take the service offline until a fix is available. Assume compromise if you are running this vulnerable version.
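To make "stringent input validation on the `topic` argument" concrete, here is an added Python example; it is not code from papers-mcp-server. It places a constructed unsafe join (the class of bug, not the project's actual `search_papers`) beside a hardened version that allow-lists the argument and then verifies the resolved path stays under an assumed `PAPERS_ROOT`.

```python
import os
import re
from pathlib import Path

# Assumed base directory for paper files; the real server's layout is not
# stated in the advisory, so this value is a constructed placeholder.
PAPERS_ROOT = Path("/srv/papers").resolve()

# Exactly one path component of plain characters. Slashes, dots and percent
# signs are not allowed, so both '../' and its encoded form '%2e%2e%2f' fail.
TOPIC_SLUG = re.compile(r"[A-Za-z0-9_-]{1,64}")


def unsafe_topic_path(topic: str) -> Path:
    """Vulnerable pattern (illustration only): the caller-controlled topic is
    joined onto the base directory unchecked, so '../' walks out of the root."""
    return Path(os.path.join(PAPERS_ROOT, topic))


def is_confined(root: Path, candidate: Path) -> bool:
    """True only if candidate, after '..' and symlink normalisation, is the
    root itself or lies somewhere below it."""
    resolved = candidate.resolve()
    return resolved == root or root in resolved.parents


def safe_topic_path(topic: str) -> Path:
    """Hardened form: allow-list the value, then confirm the resolved path is
    still inside PAPERS_ROOT. Raises ValueError if either check fails."""
    if not TOPIC_SLUG.fullmatch(topic):
        raise ValueError(f"topic rejected by allow-list: {topic!r}")
    candidate = PAPERS_ROOT / topic
    # Defence in depth: the allow-list already rules this out, but a
    # containment check survives later loosening of the regex.
    if not is_confined(PAPERS_ROOT, candidate):
        raise ValueError(f"topic escapes papers directory: {topic!r}")
    return candidate


def topic_is_accepted(topic: str) -> bool:
    """Does safe_topic_path accept this value?"""
    try:
        safe_topic_path(topic)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for t in ("quantum-error-correction", "../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd"):
        print(f"{t!r:30} unsafe={unsafe_topic_path(t)} accepted={topic_is_accepted(t)}")
```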
🛡️ Detection Rules
```yaml
# The title contains a colon followed by a space, so it must be quoted to be valid YAML.
title: 'CVE-2026-7205: Path Traversal in duartium papers-mcp-server search_papers'
id: scw-2026-04-28-ai-1
status: experimental
level: high
description: |
  Detects attempts to exploit CVE-2026-7205 by looking for requests to the '/search_papers' endpoint with the 'topic' parameter containing directory traversal sequences ('../'). This indicates a potential path traversal attack against the duartium papers-mcp-server.
author: SCW Feed Engine (AI-generated)
date: 2026-04-28
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7205/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    # A YAML map cannot hold the same key twice, so the two substrings are
    # combined with the 'all' modifier: both must appear in one request URI.
    # Only the literal '../' sequence is matched; percent-encoded forms of
    # the same sequence are not covered by this rule.
    cs-uri|contains|all:
      - '/search_papers?topic='
      - '../'
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Source: Shimi's Cyber World
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7205 | Path Traversal | duartium papers-mcp-server version 9ceb3812a6458ba7922ca24a7406f8807bc55598 |
| CVE-2026-7205 | Path Traversal | Vulnerable function: search_papers in src/main.py |
| CVE-2026-7205 | Path Traversal | Manipulation of argument 'topic' in search_papers function |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 28, 2026 at 04:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.