CVE-2026-7315: eiceblue spire-pdf-mcp-server Path Traversal Vulnerability
The National Vulnerability Database has detailed CVE-2026-7315, a high-severity path traversal vulnerability (CVSS 7.3) in eiceblue spire-pdf-mcp-server version 0.1.1. The flaw exists within the get_pdf_path function in src/spire_pdf_mcp/server.py, specifically in the PDF File Handler component. An attacker can remotely exploit this by manipulating the filepath argument.
This vulnerability allows for path traversal, meaning an attacker could potentially access arbitrary files and directories outside of the intended scope on the server. The exploit code has been publicly released, significantly increasing the immediate risk for any organization running this specific version of spire-pdf-mcp-server. The project maintainers were reportedly informed but have not yet responded or issued a fix.
This is a critical oversight. Publicly available exploits combined with unpatched vulnerabilities create an immediate attack vector. Defenders should assume active exploitation is already occurring or imminent. The lack of response from the vendor means organizations must take proactive measures to mitigate this risk.
What This Means For You
- If your organization uses eiceblue spire-pdf-mcp-server 0.1.1, you are exposed. Immediately identify all instances of this software. Given the public exploit and lack of vendor response, the most secure immediate action is to take affected systems offline until a patch or robust mitigation strategy is in place. If that's not feasible, implement strict input validation and access controls, and monitor file access logs for any anomalous activity related to PDF handling.
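The kind of input validation meant above, as an added illustration rather than code from spire-pdf-mcp-server: the weak join-without-check pattern beside a hardened resolver that pins `filepath` to an allow-listed directory. `PDF_ROOT`, the function names and the sample paths are assumptions constructed for this example.

```python
from pathlib import Path

# Assumed allow-listed directory for PDF inputs (constructed for this example).
PDF_ROOT = Path("/srv/pdf-inbox")


def naive_pdf_path(filepath: str, root: Path = PDF_ROOT) -> Path:
    """Illustrative weak pattern: join the user-supplied value onto the root
    without checking the result. '..' segments and absolute paths leave root."""
    return root / filepath


def escapes_root(filepath: str, root: Path = PDF_ROOT) -> bool:
    """True when the naive join resolves outside root. Useful for triaging
    logged 'filepath' values after the fact."""
    resolved_root = root.resolve()
    return not naive_pdf_path(filepath, resolved_root).resolve().is_relative_to(resolved_root)


def safe_pdf_path(filepath: str, root: Path = PDF_ROOT) -> Path:
    """Hardened resolver: reject empty/NUL/absolute input, resolve symlinks
    and '..', then require the result to stay inside the allow-listed root."""
    if not filepath or "\x00" in filepath:
        raise ValueError("empty or NUL-containing filepath")
    candidate = Path(filepath)
    if candidate.is_absolute():
        raise ValueError("absolute paths are not allowed")
    resolved_root = root.resolve()
    resolved = (resolved_root / candidate).resolve()
    # is_relative_to (Python 3.9+) compares path components, so a sibling
    # such as /srv/pdf-inbox-evil is not mistaken for a child of the root.
    if not resolved.is_relative_to(resolved_root):
        raise ValueError("filepath escapes the allowed PDF directory")
    if resolved.suffix.lower() != ".pdf":
        raise ValueError("only .pdf files may be opened")
    return resolved


def is_allowed(filepath: str, root: Path = PDF_ROOT) -> bool:
    """Boolean wrapper around safe_pdf_path for request-time checks."""
    try:
        safe_pdf_path(filepath, root)
        return True
    except ValueError:
        return False
```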
🛡️ Detection Rules
3 rules · 6 SIEM formats. 3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.
```yaml
title: 'CVE-2026-7315: eiceblue spire-pdf-mcp-server Path Traversal Attempt'
id: scw-2026-04-28-ai-1
status: experimental
level: high
description: |
  Detects attempts to exploit the CVE-2026-7315 vulnerability in eiceblue spire-pdf-mcp-server by targeting the get_pdf_path function. This rule looks for requests to the specific server endpoint with the 'filepath' parameter, which is susceptible to path traversal.
author: SCW Feed Engine (AI-generated)
date: 2026-04-28
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7315/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/spire_pdf_mcp/server.py'
    cs-uri-query|contains:
      - 'filepath='
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Source: Shimi's Cyber World
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7315 | Path Traversal | eiceblue spire-pdf-mcp-server version 0.1.1 |
| CVE-2026-7315 | Path Traversal | Vulnerable function: get_pdf_path in src/spire_pdf_mcp/server.py |
| CVE-2026-7315 | Path Traversal | Manipulation of argument 'filepath' |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 29, 2026 at 01:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.