Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by UsamaK98
CVE-2026-7810 (GCVE-0-2026-7810)
Vulnerability from cvelistv5 – Published: 2026-05-05 03:45 – Updated: 2026-05-06 12:35
VLAI
Title
UsamaK98 python-notebook-mcp server.py add_cell path traversal
Summary
A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been published and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Path Traversal
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/361070 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/361070/cti | signaturepermissions-required |
| https://vuldb.com/submit/807748 | third-party-advisory |
| https://github.com/UsamaK98/python-notebook-mcp/i… | exploitissue-tracking |
| https://github.com/UsamaK98/python-notebook-mcp/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UsamaK98 | python-notebook-mcp |
Affected:
a05a232815809a7e425b5fa7be26e0d4369894c2
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7810",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T12:35:25.373358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T12:35:41.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "python-notebook-mcp",
"vendor": "UsamaK98",
"versions": [
{
"status": "affected",
"version": "a05a232815809a7e425b5fa7be26e0d4369894c2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "CPT_Penner (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function create_notebook/read_notebook/edit_cell/add_cell of the file server.py. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been published and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T03:45:14.085Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-361070 | UsamaK98 python-notebook-mcp server.py add_cell path traversal",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/361070"
},
{
"name": "VDB-361070 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/361070/cti"
},
{
"name": "Submit #807748 | UsamaK98 python-notebook-mcp a05a232815809a7e425b5fa7be26e0d4369894c2 Path Traversal",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/807748"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/UsamaK98/python-notebook-mcp/issues/5"
},
{
"tags": [
"product"
],
"url": "https://github.com/UsamaK98/python-notebook-mcp/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-04T23:28:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "UsamaK98 python-notebook-mcp server.py add_cell path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7810",
"datePublished": "2026-05-05T03:45:14.085Z",
"dateReserved": "2026-05-04T21:22:13.227Z",
"dateUpdated": "2026-05-06T12:35:41.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}