{"vulnerability": "CVE-2026-42080", "sightings": [{"uuid": "60fac494-17b6-4735-a82b-d2416719a5b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42080", "type": "seen", "source": "https://gist.github.com/alon710/b2bc5ba5f8df2172d7f1f2a079b556ec", "content": "# CVE-2026-42080: Arbitrary File Write and Path Traversal in PPTAgent MCP Server\n\n> **CVSS Score:** 4.6\n> **Published:** 2026-05-05\n> **Full Report:** https://cvereports.com/reports/CVE-2026-42080\n\n## Summary\nPPTAgent versions prior to commit 418491a9a1c02d9d93194b5973bb58df35cf9d00 contain a path traversal vulnerability (CWE-22) within the Model Context Protocol (MCP) server's file handling mechanisms. An attacker with low privileges can supply crafted file paths containing traversal sequences to write files or create directories outside the intended workspace boundaries. This results in unauthorized file modification and limited host filesystem exposure.\n\n## TL;DR\nA path traversal flaw in PPTAgent allows low-privileged attackers to write PowerPoint presentations and image files to arbitrary locations on the host filesystem via unvalidated path inputs.\n\n## Technical Details\n\n- **Vulnerability Class**: CWE-22: Path Traversal\n- **Attack Vector**: Network\n- **CVSS v3.1 Score**: 4.6\n- **EPSS Score**: 0.00036\n- **Impact**: Arbitrary File Write / Directory Creation\n- **Exploit Status**: None\n- **CISA KEV**: Not Listed\n\n## Affected Systems\n\n- PPTAgent (icip-cas)\n- **PPTAgent**: < 418491a9a1c02d9d93194b5973bb58df35cf9d00 (Fixed in: `418491a9a1c02d9d93194b5973bb58df35cf9d00`)\n\n## Mitigation\n\n- Update PPTAgent to commit 418491a9a1c02d9d93194b5973bb58df35cf9d00 or later.\n- Run the PPTAgent MCP server with a dedicated, low-privileged user account.\n- Implement mandatory access controls to strictly limit write access to intended workspace 
directories.\n\n**Remediation Steps:**\n1. Pull the latest version of the PPTAgent repository containing commit 418491a9a1c02d9d93194b5973bb58df35cf9d00.\n2. Restart the PPTAgent MCP service to apply the updated Python codebase.\n3. Verify the service user account lacks write permissions outside the designated application workspace.\n\n## References\n\n- [NVD Vulnerability Detail - CVE-2026-42080](https://nvd.nist.gov/vuln/detail/CVE-2026-42080)\n- [GitHub Security Advisory GHSA-pxhg-7xr2-w7xg](https://github.com/icip-cas/PPTAgent/security/advisories/GHSA-pxhg-7xr2-w7xg)\n- [Patch Commit 418491a9a1c02d9d93194b5973bb58df35cf9d00](https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-42080) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-05T19:10:28.000000Z"}]}