Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by ezequiroga
CVE-2026-7384 (GCVE-0-2026-7384)
Vulnerability from nvd – Published: 2026-04-29 14:30 – Updated: 2026-04-29 14:40
VLAI
Title
ezequiroga mcp-bases research_server.py search_papers path traversal
Summary
A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search_papers of the file research_server.py. Performing a manipulation of the argument topic results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Path Traversal
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360106 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360106/cti | signaturepermissions-required |
| https://vuldb.com/submit/803095 | third-party-advisory |
| https://github.com/ezequiroga/mcp-bases/issues/2 | exploitissue-tracking |
| https://github.com/ezequiroga/mcp-bases/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ezequiroga | mcp-bases |
Affected:
357ca19c7a49a9b9cb2ef639b366f03aba8bea39
Affected: c630b8ab0f970614d42da8e566e9c0d15a16414c |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7384",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T14:39:44.442768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T14:40:38.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mcp-bases",
"vendor": "ezequiroga",
"versions": [
{
"status": "affected",
"version": "357ca19c7a49a9b9cb2ef639b366f03aba8bea39"
},
{
"status": "affected",
"version": "c630b8ab0f970614d42da8e566e9c0d15a16414c"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LittleW (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search_papers of the file research_server.py. Performing a manipulation of the argument topic results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T14:30:13.232Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360106 | ezequiroga mcp-bases research_server.py search_papers path traversal",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360106"
},
{
"name": "VDB-360106 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360106/cti"
},
{
"name": "Submit #803095 | ezequiroga mcp-bases c630b8ab0f970614d42da8e566e9c0d15a16414c Path Traversal",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/803095"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/ezequiroga/mcp-bases/issues/2"
},
{
"tags": [
"product"
],
"url": "https://github.com/ezequiroga/mcp-bases/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-29T10:50:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "ezequiroga mcp-bases research_server.py search_papers path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7384",
"datePublished": "2026-04-29T14:30:13.232Z",
"dateReserved": "2026-04-29T08:45:03.357Z",
"dateUpdated": "2026-04-29T14:40:38.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7384 (GCVE-0-2026-7384)
Vulnerability from cvelistv5 – Published: 2026-04-29 14:30 – Updated: 2026-04-29 14:40
VLAI
Title
ezequiroga mcp-bases research_server.py search_papers path traversal
Summary
A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search_papers of the file research_server.py. Performing a manipulation of the argument topic results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Path Traversal
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360106 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360106/cti | signaturepermissions-required |
| https://vuldb.com/submit/803095 | third-party-advisory |
| https://github.com/ezequiroga/mcp-bases/issues/2 | exploitissue-tracking |
| https://github.com/ezequiroga/mcp-bases/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ezequiroga | mcp-bases |
Affected:
357ca19c7a49a9b9cb2ef639b366f03aba8bea39
Affected: c630b8ab0f970614d42da8e566e9c0d15a16414c |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7384",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T14:39:44.442768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T14:40:38.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mcp-bases",
"vendor": "ezequiroga",
"versions": [
{
"status": "affected",
"version": "357ca19c7a49a9b9cb2ef639b366f03aba8bea39"
},
{
"status": "affected",
"version": "c630b8ab0f970614d42da8e566e9c0d15a16414c"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LittleW (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search_papers of the file research_server.py. Performing a manipulation of the argument topic results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T14:30:13.232Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360106 | ezequiroga mcp-bases research_server.py search_papers path traversal",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360106"
},
{
"name": "VDB-360106 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360106/cti"
},
{
"name": "Submit #803095 | ezequiroga mcp-bases c630b8ab0f970614d42da8e566e9c0d15a16414c Path Traversal",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/803095"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/ezequiroga/mcp-bases/issues/2"
},
{
"tags": [
"product"
],
"url": "https://github.com/ezequiroga/mcp-bases/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-29T10:50:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "ezequiroga mcp-bases research_server.py search_papers path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7384",
"datePublished": "2026-04-29T14:30:13.232Z",
"dateReserved": "2026-04-29T08:45:03.357Z",
"dateUpdated": "2026-04-29T14:40:38.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}