CVE-2026-7788 Overview
CVE-2026-7788 is a path traversal vulnerability [CWE-22] in Axle-Bucamp MCP-Docusaurus, an open-source project distributed through a rolling release model. The flaw resides in the document handling routes within app/routes/document.py, specifically the update_document, continue_document, delete_document, and get_content functions. Attackers can manipulate the DOCS_DIR/path argument to traverse outside the intended documents directory. The attack is remote and requires no authentication or user interaction. A public proof-of-concept exists, increasing the likelihood of opportunistic exploitation. The maintainers were notified through an issue report but have not yet responded at the time of disclosure.
Critical Impact
Unauthenticated remote attackers can read, modify, or delete files outside the intended document directory by supplying crafted path arguments to vulnerable document routes.
Affected Products
- Axle-Bucamp MCP-Docusaurus (rolling release)
- Commits up to and including 404bc028e15ec304c9a045528560f4b5f27a17e0
- Deployments exposing app/routes/document.py endpoints
Discovery Timeline
- 2026-05-05 - CVE-2026-7788 published to NVD
- 2026-05-05 - Last updated in NVD database
Technical Details for CVE-2026-7788
Vulnerability Analysis
The vulnerability is a classic path traversal flaw in the document management routes of MCP-Docusaurus. The functions update_document, continue_document, delete_document, and get_content in app/routes/document.py accept a path argument that is concatenated with the configured DOCS_DIR base directory. The application fails to canonicalize or validate the resulting path against the intended root. An attacker who supplies ../ sequences or absolute paths can escape the document directory and operate on arbitrary files reachable by the service account. Because the affected routes implement read, write, and delete operations, the impact spans confidentiality, integrity, and availability of files on the host filesystem.
Root Cause
The root cause is missing input validation and path normalization on the user-supplied path argument before it is joined with DOCS_DIR. The application does not enforce that the resolved file path remains within the intended base directory. Operating systems treat ../ as a parent-directory reference, so unsanitized concatenation allows directory escape. The CWE-22 classification reflects this improper limitation of a pathname to a restricted directory.
Attack Vector
Exploitation occurs over the network against any reachable instance of MCP-Docusaurus. The attacker issues HTTP requests to the affected document endpoints, supplying a crafted path argument such as a relative traversal sequence or an absolute path. Depending on the route invoked, the attacker can disclose file contents through get_content, overwrite files via update_document or continue_document, or remove files using delete_document. No credentials are required, and the public proof-of-concept lowers the barrier to entry. See the GitHub PoC Repository and the VulDB Vulnerability Entry for additional technical context.
Detection Methods for CVE-2026-7788
Indicators of Compromise
- Web server or application logs showing requests to document routes containing ../, URL-encoded traversal sequences (%2e%2e%2f), or absolute paths in the path parameter.
- Unexpected file modifications, deletions, or access to files outside the configured DOCS_DIR.
- Requests to update_document, continue_document, delete_document, or get_content originating from unfamiliar source IP addresses.
Detection Strategies
- Inspect HTTP request bodies and query strings for path traversal patterns directed at MCP-Docusaurus document endpoints.
- Correlate filesystem audit events on the host with HTTP access logs to identify file access that does not originate from legitimate document paths.
- Deploy a web application firewall ruleset that flags traversal sequences against the affected route prefixes.
Monitoring Recommendations
- Enable verbose request logging on the MCP-Docusaurus application and forward logs to a centralized analytics platform for retention and correlation.
- Establish baseline file access patterns under DOCS_DIR and alert on reads or writes that resolve outside this directory.
- Track outbound responses from get_content for unusually large payloads or content matching sensitive file signatures such as /etc/passwd or configuration files.
How to Mitigate CVE-2026-7788
Immediate Actions Required
- Restrict network exposure of MCP-Docusaurus instances to trusted networks or place them behind authenticated reverse proxies.
- Audit existing logs for traversal attempts against app/routes/document.py endpoints and investigate any matches.
- Run the MCP-Docusaurus service under a least-privilege user account that cannot read sensitive system files or write outside DOCS_DIR.
Patch Information
No official patch is available at the time of publication. The maintainers were notified through the GitHub Issue Tracker but have not responded. Because the project uses a rolling release model, no fixed version identifier exists. Operators should monitor the upstream repository for commits that introduce path canonicalization on the affected functions.
Workarounds
- Apply a local patch that resolves the user-supplied path with os.path.realpath and rejects any result that does not start with the canonicalized DOCS_DIR.
- Place a reverse proxy or web application firewall in front of the application and block requests containing ../, ..\\, or URL-encoded traversal payloads on document routes.
- Disable or remove the affected endpoints if the document modification features are not required in the deployment.
# Example reverse proxy rule blocking traversal sequences on document routes
location ~ ^/document/(update|continue|delete|get_content) {
if ($args ~* "(\.\./|%2e%2e%2f|%2e%2e/|\.\.%2f)") {
return 403;
}
proxy_pass http://mcp_docusaurus_backend;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
