CVE-2026-7314: eiceblue spire-doc-mcp-server Path Traversal Publicly Exploited
The National Vulnerability Database has disclosed CVE-2026-7314, a high-severity path traversal vulnerability impacting eiceblue spire-doc-mcp-server version 1.0.0. Specifically, the get_doc_path function within src/spire_doc_mcp/api/base.py is susceptible to manipulation via the document_name argument. This flaw allows for remote exploitation, and a public exploit is now available, significantly raising the immediate risk.
Attackers can leverage this vulnerability to traverse directories, potentially accessing or manipulating files outside of intended document paths. The National Vulnerability Database indicates that the project maintainers were notified early via an issue report but have not yet responded, leaving users exposed to active threats. The CVSS score is 7.3 (HIGH), reflecting the ease of exploitation (network-based, low attack complexity, no privileges or user interaction required) and potential impact on confidentiality, integrity, and availability.
This is a critical blind spot for defenders. With a public exploit in the wild and no vendor patch, organizations running affected versions are directly in the crosshairs. The attacker’s calculus is simple: low effort, high reward. They can quickly scan for vulnerable instances and immediately pivot to data exfiltration or system compromise. This isn’t theoretical; it’s a clear and present danger.
What This Means For You
- If your organization utilizes eiceblue spire-doc-mcp-server 1.0.0, you are directly exposed to active, remote path traversal attacks. Immediately identify all instances of this software within your environment. Given the public exploit and lack of a vendor patch, consider isolating or disabling affected systems until a fix is available, or implement robust compensating controls to restrict network access to these services.
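The class of bug described above is a document-name argument joined onto a base directory without confinement. As an added example (not the project's code; the real get_doc_path in src/spire_doc_mcp/api/base.py is not shown on this page), the following contrasts that naive join with a resolver that confines the result to the document root; the DOCS_ROOT directory and both function bodies are assumptions for illustration.

```python
# Added example: a confined document-path resolver for the get_doc_path pattern.
# DOCS_ROOT and the unsafe variant are assumptions; neither is the project's code.
from pathlib import Path

DOCS_ROOT = Path("/srv/spire-docs")  # assumed document directory


def get_doc_path_unsafe(document_name: str) -> Path:
    """Naive join: document_name is trusted, so '..' segments escape DOCS_ROOT."""
    return DOCS_ROOT / document_name


def get_doc_path_safe(document_name: str, root: Path = DOCS_ROOT) -> Path:
    """Join, resolve, and require the result to stay under the document root.

    Raises ValueError for an empty name, '.'/'..', an absolute path, or any
    name whose resolved location (symlinks included) leaves the root.
    """
    if not document_name or document_name in (".", ".."):
        raise ValueError("document_name must name a document")
    # pathlib discards the left operand when the right one is absolute; reject it.
    if Path(document_name).is_absolute():
        raise ValueError("document_name must be a relative path")
    base = root.resolve()
    # resolve() collapses '..' and follows symlinks, so the check below is on the
    # real location, not on the textual name.
    candidate = (base / document_name).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"document_name escapes the document root: {document_name!r}")
    return candidate


def is_traversal(document_name: str) -> bool:
    """True when the confined resolver rejects the name."""
    try:
        get_doc_path_safe(document_name)
    except ValueError:
        return True
    return False
```

Rejecting on the resolved path rather than on the presence of ".." also covers names that only escape after normalisation (for example "sub/../../x").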
🛡️ Detection Rules
3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK (Sigma YAML).
CVE-2026-7314: eiceblue spire-doc-mcp-server Path Traversal Attempt
```yaml
# Title is quoted: the embedded ": " would otherwise be parsed as a nested mapping.
title: 'CVE-2026-7314: eiceblue spire-doc-mcp-server Path Traversal Attempt'
id: scw-2026-04-28-ai-1
status: experimental
level: high
description: |
  Detects attempts to exploit CVE-2026-7314 by targeting the get_doc_path function in eiceblue spire-doc-mcp-server. The rule looks for requests to '/api/base.py' containing the 'document_name=' parameter, which is manipulated to achieve path traversal.
author: SCW Feed Engine (AI-generated)
date: 2026-04-28
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7314/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/api/base.py'
    cs-uri-query|contains:
      - 'document_name='
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Source: Shimi's Cyber World
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7314 | Vulnerability | CVE-2026-7314 |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 29, 2026 at 01:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.