CVSS 7.3 · HIGH

CVE-2026-7404

A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function delete_shared_prompt in the file src/mcpo_simple_server/services/prompt_manager/base_manager.py. Manipulation of the argument detail causes relative path traversal. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Analysis

The mcpo-simple-server project is a niche tool for prompt management with limited adoption in the general software development community. While the vulnerability allows for remote path traversal to delete files, the small user base and lack of widespread deployment mean it does not warrant an alert for the broader community.

Severity

Score: 7.3 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Weakness type (CWE): CWE-22, CWE-23

EPSS

Exploitation probability (next 30 days): 0.0002 (0.0%)
Percentile: 6.5%
EPSS: 2026-05-06

Published: 29/4/2026, 21:16:22
Last modified: 29/4/2026, 21:16:40
