CVE-2026-7398: Path Traversal in BioinfoMCP Upload Endpoint

The National Vulnerability Database has disclosed CVE-2026-7398, a high-severity path traversal vulnerability impacting florensiawidjaja BioinfoMCP up to commit 7ada7918b9e515604d3c0ae264d3a9af10bf6e54. The weakness lies within the Upload function of the bioinfo_mcp_platform/app.py file, specifically in the Upload Endpoint component. Attackers can exploit this remotely by manipulating the Name argument during file uploads.

This vulnerability, with a CVSSv3.1 score of 7.3, allows for path traversal, potentially leading to information disclosure, unauthorized file modification, or even remote code execution if combined with other weaknesses. The National Vulnerability Database notes that exploit code is publicly available, increasing the immediate risk. The project utilizes continuous delivery, meaning specific affected or updated version details are unavailable.

Despite an early issue report, the project maintainers have not yet responded, leaving users exposed. Defenders should prioritize identifying instances of BioinfoMCP in their environments and preparing for immediate mitigation. This is a classic path traversal scenario, highlighting the critical importance of robust input validation, especially for file upload functionalities.
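
The input validation this paragraph calls for, as an added example (not BioinfoMCP's code, which this page does not show): a naive join of the client-supplied name next to a resolver that accepts only a bare filename inside the upload directory. The function names and the flat-directory policy are assumptions.

```python
import os
from pathlib import Path, PurePosixPath, PureWindowsPath


class UnsafeUploadName(ValueError):
    """The client-supplied name would not land directly in the upload directory."""


def naive_upload_path(upload_dir, name):
    # Hypothetical unsafe pattern: the name is joined without any validation,
    # so "../" components walk out of upload_dir.
    return os.path.normpath(os.path.join(upload_dir, name))


def resolve_upload_path(upload_dir, name):
    """Return the absolute path for a bare filename inside upload_dir, or raise."""
    if not name or "\x00" in name:
        raise UnsafeUploadName("empty name or NUL byte")
    # Reject directory components, absolute paths and drive prefixes,
    # in both POSIX and Windows syntax, whatever OS the server runs on.
    if PurePosixPath(name).name != name or PureWindowsPath(name).name != name:
        raise UnsafeUploadName("name contains a path component")
    if name in (".", ".."):
        raise UnsafeUploadName("name is a directory reference")
    base = Path(upload_dir).resolve()
    target = (base / name).resolve()
    # Defence in depth: after symlink resolution the file must still sit in base.
    if target.parent != base:
        raise UnsafeUploadName("resolved path escapes the upload directory")
    return target
```
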

What This Means For You

  • If your organization uses florensiawidjaja BioinfoMCP, you are at risk. This path traversal vulnerability is remotely exploitable and has public exploit code. Immediately identify all instances of BioinfoMCP within your infrastructure. Since no patch information is available, consider isolating affected systems or implementing strict network-level controls to prevent external access to the upload endpoint until a fix is released.

🛡️ Detection Rules

high T1190 Initial Access

CVE-2026-7398: BioinfoMCP Path Traversal via Upload Name Parameter

Sigma YAML — free preview
title: CVE-2026-7398: BioinfoMCP Path Traversal via Upload Name Parameter
id: scw-2026-04-29-ai-1
status: experimental
level: high
description: |
  Detects attempts to exploit CVE-2026-7398 by identifying POST requests to the BioinfoMCP upload endpoint ('/bioinfo_mcp_platform/app.py') that contain the 'Name' parameter manipulated with path traversal sequences ('../'). This is the primary indicator of the vulnerability being exploited for initial access.
author: SCW Feed Engine (AI-generated)
date: 2026-04-29
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7398/
tags:
  - attack.initial_access
  - attack.t1190
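logsource:
  category: webserver
detection:
  selection:
    # Value taken from the advisory's source file path; replace it with the upload route your deployment exposes.
    cs-uri|contains: '/bioinfo_mcp_platform/app.py'
    cs-method: 'POST'
    # Both substrings must be present; this only matches when Name is sent in the query string.
    cs-uri-query|contains|all:
      - 'Name='
      - '../'
  condition: selection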
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse
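
The rule above matches only a literal `../` in the query string. As an added example (not part of the original rule or of the BioinfoMCP project), the following applies the same check to constructed log lines after percent-decoding, so encoded and backslash forms of the `Name` value are also flagged. The three-field log layout and the `/upload` route are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote

# ".." counts only as a whole path component, so "v1..2.fastq" is not flagged.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

# Constructed sample lines: method, URI stem, query string.
SAMPLE_LOG = [
    "POST /upload Name=reads.fastq",
    "POST /upload Name=../../outside.txt",
    "POST /upload Name=..%2f..%2foutside.txt",
    "POST /upload Name=%252e%252e%252foutside.txt",
    "POST /upload Name=..%5Coutside.txt",
    "POST /upload Name=v1..2.fastq",
    "GET /upload Name=../outside.txt",
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly to unwrap double-encoded values."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def name_has_traversal(query):
    # parse_qsl performs the first round of decoding; fully_decode handles the rest.
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key == "Name" and TRAVERSAL.search(fully_decode(value)):
            return True
    return False


def flag_requests(log_lines, upload_route):
    """Return the POST requests to upload_route whose Name value traverses."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        method, uri, query = parts[0], parts[1], parts[2]
        if method == "POST" and uri.startswith(upload_route) and name_has_traversal(query):
            hits.append(line)
    return hits
```
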

Indicators of Compromise

ID | Type | Indicator
CVE-2026-7398 | Path Traversal | florensiawidjaja BioinfoMCP up to 7ada7918b9e515604d3c0ae264d3a9af10bf6e54
CVE-2026-7398 | Path Traversal | Vulnerable function: Upload in bioinfo_mcp_platform/app.py
CVE-2026-7398 | Path Traversal | Vulnerable component: Upload Endpoint, argument 'Name'

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 29, 2026 at 22:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
