CVE-2026-7645 Overview
CVE-2026-7645 is a path traversal vulnerability [CWE-22] affecting ruvnet sublinear-time-solver version 1.5.0. The flaw resides in the export_state function within src/consciousness-explorer/mcp/server.js, part of the Model Context Protocol (MCP) Interface component. Attackers can manipulate path inputs to access files outside the intended directory scope. The vulnerability is exploitable remotely without authentication or user interaction. A public exploit has been disclosed, and the project maintainers have not responded to the issue report at the time of publication.
Critical Impact
Remote attackers can traverse the file system through the export_state MCP function to read or write files outside the intended directory, exposing sensitive application data.
Affected Products
- ruvnet sublinear-time-solver 1.5.0
- Component: MCP Interface (src/consciousness-explorer/mcp/server.js)
- Affected function: export_state
Discovery Timeline
- 2026-05-02 - CVE-2026-7645 published to NVD
- 2026-05-05 - Last updated in NVD database
Technical Details for CVE-2026-7645
Vulnerability Analysis
The vulnerability exists in the export_state function inside src/consciousness-explorer/mcp/server.js. This function handles state export operations exposed through the MCP Interface. The function accepts a file path parameter from remote callers without sufficient sanitization or canonicalization. Attackers supplying traversal sequences such as ../ can break out of the intended export directory.
The MCP Interface is reachable over the network, and the function does not require authentication. Exploitation results in unauthorized file system access scoped to the privileges of the Node.js process running the solver. The flaw maps to [CWE-22] Improper Limitation of a Pathname to a Restricted Directory.
The EPSS score is 0.062% with a percentile of 19.117 as of 2026-05-07.
Root Cause
The export_state handler accepts user-controlled path input and concatenates it with a base directory before performing file operations. The code does not validate that the resolved path stays within the intended export root. Without canonicalization checks using functions like path.resolve combined with prefix validation, traversal sequences pass through unchecked.
Attack Vector
An attacker sends a crafted request to the MCP Interface invoking export_state with a path containing directory traversal sequences. The request travels over the network and requires no credentials. The server resolves the malicious path and performs file operations on locations outside the intended directory, exposing configuration files, source code, or other sensitive artifacts accessible to the process.
No verified exploit code is reproduced here. Refer to the GitHub Issue Discussion and the VulDB Vulnerability #360757 entries for technical details.
Detection Methods for CVE-2026-7645
Indicators of Compromise
- Inbound MCP requests to the export_state method containing ../, ..\\, URL-encoded %2e%2e%2f, or absolute path prefixes
- File access events from the Node.js solver process targeting paths outside the configured export directory
- Unexpected reads of sensitive files such as /etc/passwd, .env, or application configuration outside the project root
Detection Strategies
- Inspect MCP Interface request logs for path parameters that include traversal sequences or absolute paths
- Monitor file access syscalls from the node process running sublinear-time-solver for activity outside the intended working directory
- Apply web application firewall rules that flag traversal patterns in JSON request bodies destined for the MCP endpoint
Monitoring Recommendations
- Enable verbose logging of all export_state invocations including the resolved absolute path
- Forward Node.js application logs and host file access telemetry to a centralized SIEM for correlation
- Alert on any file operation by the solver process touching paths outside the explicit export root directory
How to Mitigate CVE-2026-7645
Immediate Actions Required
- Restrict network exposure of the MCP Interface to trusted hosts or place it behind authenticated reverse proxies
- Run the sublinear-time-solver process as an unprivileged user with file system access limited to the export directory
- Audit existing logs for prior export_state calls containing traversal patterns
Patch Information
No official patch is available at the time of publication. The maintainers of the ruvnet sublinear-time-solver project have not responded to the GitHub Issue Discussion reporting the flaw. Consumers should track the repository for fixes.
Workarounds
- Disable the export_state MCP function if state export is not required for production workloads
- Apply a local patch that canonicalizes the input path with path.resolve and rejects results that fall outside the configured export root
- Run the service inside a container or chroot with a minimal file system view to contain traversal impact
- Place an application-layer filter in front of the MCP endpoint to drop requests containing .. sequences in path parameters
# Example reverse proxy filter (nginx) to block traversal patterns in MCP requests
location /mcp/ {
if ($request_body ~* "\.\./|\.\.\\\\|%2e%2e%2f") {
return 400;
}
proxy_pass http://127.0.0.1:3000;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
