Skip to content
CVSS 7.3 · HIGH

CVE-2026-7319

A flaw has been found in elinsky execution-system-mcp 0.1.0. The impacted element is the function _get_context_file_path of the file src/execution_system_mcp/server.py of the component add_action Tool. This manipulation of the argument context causes path traversal. The attack can be initiated remotely. The exploit has been published and may be used.

Ver en NVD

Análisis

This vulnerability affects execution-system-mcp, a specific Model Context Protocol (MCP) server for LLMs with very low distribution. While it is a remote path traversal bug with a public exploit, the tool is a niche utility and not a standard part of the MexicoDev stack or general server infrastructure.

Severidad

Puntaje: 7.3(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Tipo de falla (CWE): CWE-22

EPSS

Probabilidad de explotación (próx. 30 días): 0.0010 (0.1%)
Percentil: 27.5%
EPSS: 2026-05-06

Descripción técnica

A flaw has been found in elinsky execution-system-mcp 0.1.0. The impacted element is the function _get_context_file_path of the file src/execution_system_mcp/server.py of the component add_action Tool. This manipulation of the argument context causes path traversal. The attack can be initiated remotely. The exploit has been published and may be used.

Publicada: 28/4/2026, 22:16:52
Última modificación: 29/4/2026, 21:16:21

Referencias

InicioEventosBlogRecursosEquipo