CVE-2026-7319: Path Traversal in elinsky execution-system-mcp Poses Remote Risk
The National Vulnerability Database has disclosed CVE-2026-7319, a high-severity path traversal vulnerability (CVSS 7.3) in elinsky execution-system-mcp version 0.1.0. The flaw resides in the _get_context_file_path function within src/execution_system_mcp/server.py, specifically in the add_action Tool component.
This vulnerability allows remote attackers to manipulate the context argument, enabling path traversal. Crucially, an exploit for this flaw has already been published, meaning adversaries can readily leverage it. While specific affected products are not detailed by the National Vulnerability Database, organizations utilizing this particular version of elinsky execution-system-mcp are directly exposed.
Path traversal vulnerabilities are not theoretical; they allow attackers to access arbitrary files and directories outside of their intended scope. This can lead to sensitive data exposure, unauthorized file modification, or even remote code execution if the traversed paths lead to executable scripts. The availability of an exploit elevates this from a theoretical risk to an immediate threat requiring urgent attention.
What This Means For You
- If your organization uses elinsky execution-system-mcp 0.1.0, you are directly exposed to CVE-2026-7319. Patching or upgrading this component is critical. Immediately audit systems running this software for unusual file access patterns or unauthorized modifications, as an exploit is publicly available.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-7319: Path Traversal in elinsky execution-system-mcp add_action Tool
title: CVE-2026-7319: Path Traversal in elinsky execution-system-mcp add_action Tool
id: scw-2026-04-28-ai-1
status: experimental
level: critical
description: |
Detects attempts to exploit CVE-2026-7319 by identifying requests to the '/add_action' endpoint with a 'context=' parameter, indicative of a path traversal attempt in elinsky execution-system-mcp.
author: SCW Feed Engine (AI-generated)
date: 2026-04-28
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-7319/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/add_action'
cs-uri-query|contains:
- 'context='
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7319 | Path Traversal | elinsky execution-system-mcp version 0.1.0 |
| CVE-2026-7319 | Path Traversal | Vulnerable function: _get_context_file_path in src/execution_system_mcp/server.py |
| CVE-2026-7319 | Path Traversal | Vulnerable component: add_action Tool |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 29, 2026 at 01:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-42167: ProFTPD mod_sql RCE Via Log Expansion
CVE-2026-42167 — mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER...
CVE-2026-7318 — Elie Mcp-Project Path Traversal
CVE-2026-7318 — A vulnerability was detected in elie mcp-project 0.1.0. The affected element is the function search_papers of the file research_server.py. The manipulation of the...
CVE-2026-7317 — Grav CMS Insecure Deserialization
CVE-2026-7317 — A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of...