CVE-2026-8116 Overview
CVE-2026-8116 is a path traversal vulnerability [CWE-22] in the huangjunsen0406/xiaozhi-mcphub project through version 1.0.3. The flaw exists in src/controllers/dxtController.ts, where the manifest.name argument is processed without proper sanitization. An authenticated remote attacker can manipulate this argument to access files outside the intended directory. Public exploit details are available, and the project maintainer has not responded to the issue report at the time of disclosure.
Critical Impact
Remote attackers with low privileges can traverse the file system via the manifest.name parameter, leading to limited confidentiality, integrity, and availability impact on the host running xiaozhi-mcphub.
Affected Products
- huangjunsen0406 xiaozhi-mcphub versions up to and including 1.0.3
- Component: src/controllers/dxtController.ts
- Deployments exposing the DXT controller endpoint to network access
Discovery Timeline
- 2026-05-08 - CVE-2026-8116 published to NVD
- 2026-05-08 - Last updated in NVD database
Technical Details for CVE-2026-8116
Vulnerability Analysis
The vulnerability is a path traversal weakness affecting the DXT controller logic in xiaozhi-mcphub. When the application processes a manifest object, the manifest.name field is used to construct file system paths without validating or normalizing the supplied value. This allows an attacker to inject directory traversal sequences such as ../ to escape the intended working directory.
The issue is reachable over the network and requires only low privileges. According to the public disclosure, exploit information has been published, and the upstream project was notified through a GitHub Issue Tracker report but has not addressed the report. The EPSS score is 0.065%, indicating low observed exploitation likelihood at the time of analysis.
Root Cause
The root cause is missing input validation on the manifest.name argument in src/controllers/dxtController.ts. The controller concatenates or joins this attacker-controlled string into a file path used for read or write operations. Without canonicalization or an allow-list check, traversal sequences resolve to locations outside the intended directory tree.
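The allow-list and canonicalization checks this section names, as an added example in JavaScript (Node.js). It is not code from xiaozhi-mcphub: `UPLOAD_ROOT`, `SAFE_NAME` and all function names are assumptions, and `unsafeManifestDir` only illustrates the unchecked-join pattern described above.

```javascript
const path = require("node:path");

// Assumed extraction root for uploaded DXT packages (hypothetical path).
const UPLOAD_ROOT = "/srv/mcphub/dxt";

// Allow-list: one path segment, starting with an alphanumeric, so ".", "..",
// dotfiles, separators, "%" escapes and NUL bytes can never match.
const SAFE_NAME = /^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$/;

// True only when target is strictly below base after canonicalization.
// path.relative avoids the prefix bug where "/srv/mcphub/dxt-evil" passes
// a naive startsWith("/srv/mcphub/dxt") test.
function isInside(base, target) {
  const rel = path.relative(path.resolve(base), path.resolve(target));
  return rel !== "" && rel !== ".." &&
    !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel);
}

// Pattern the advisory describes: attacker-controlled name joined unchecked.
function unsafeManifestDir(manifest, root = UPLOAD_ROOT) {
  return path.join(root, manifest.name);
}

// Hardened form: allow-list first, containment check as defense in depth.
function safeManifestDir(manifest, root = UPLOAD_ROOT) {
  const name = manifest ? manifest.name : undefined;
  if (typeof name !== "string" || !SAFE_NAME.test(name)) {
    throw new Error("manifest.name rejected by allow-list");
  }
  const target = path.resolve(root, name);
  if (!isInside(root, target)) {
    throw new Error("manifest.name resolves outside the upload root");
  }
  // path.resolve does not follow symlinks; add fs.realpath if the tree may hold them.
  return target;
}
```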
Attack Vector
An authenticated remote attacker submits a crafted manifest payload to the DXT controller endpoint. The manifest.name field contains directory traversal sequences such as ../../etc/passwd or Windows equivalents. The server resolves the path and performs the requested file operation outside the application's working directory. No user interaction is required, and the attack proceeds over standard network protocols.
Real code examples are not available for this CVE. Refer to the GitHub Project Repository and the VulDB Vulnerability #361904 entry for additional technical detail.
Detection Methods for CVE-2026-8116
Indicators of Compromise
- HTTP requests to DXT controller routes containing traversal sequences such as ../, ..\, %2e%2e%2f, or URL-encoded variants in the manifest.name field
- Application log entries showing file reads or writes outside the configured xiaozhi-mcphub working directory
- Access to sensitive system files such as /etc/passwd, /etc/shadow, or application configuration files originating from the xiaozhi-mcphub process
Detection Strategies
- Inspect application and reverse-proxy logs for manifest upload requests where the name field contains path separators or encoded traversal patterns
- Deploy file integrity monitoring on directories outside the xiaozhi-mcphub working tree to flag unexpected access by the Node.js process
- Correlate authentication events with file system telemetry to identify low-privilege accounts performing anomalous file operations
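One way to run the log inspection described above, as an added example in JavaScript (Node.js) that is not part of the project or the original advisory. It parses each logged JSON body instead of pattern-matching raw text, so JSON `\u` escapes and percent-encoded names are decoded before the check; the JSON-lines log layout, the field names and the sample entries are constructed assumptions.

```javascript
// Constructed sample: one JSON object per line; field names are assumptions.
const SAMPLE_LOG = [
  ["alice", '{"manifest":{"name":"weather-tool"}}'],
  ["bob",   '{"manifest":{"name":"../../etc/passwd"}}'],
  ["bob",   '{"manifest":{"name":"%2e%2e%2fconfig"}}'],
  ["carol", '{"manifest":{"name":"..\\\\..\\\\settings.json"}}'],
  ["dave",  '{"manifest":{"name":"\\u002e\\u002e/secrets"}}'],
  ["erin",  '{"manifest":{"name":"tools/helper"}}'],
].map(([user, body]) => JSON.stringify({ user, route: "/api/dxt", body }));

// Undo up to maxRounds layers of percent-encoding (catches %252e-style nesting).
function decodeLayers(value, maxRounds = 3) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(current); } catch { break; } // malformed escape
    if (next === current) break;
    current = next;
  }
  return current;
}

// Returns "traversal", "separator", "non-string", or null for a clean name.
function classifyName(name) {
  if (typeof name !== "string") return "non-string";
  const decoded = decodeLayers(name);
  if (/(^|[\\\/])\.\.([\\\/]|$)/.test(decoded)) return "traversal";
  if (/[\\\/]/.test(decoded)) return "separator";
  return null;
}

function findSuspiciousUploads(lines) {
  const hits = [];
  for (const line of lines) {
    let entry, body;
    try {
      entry = JSON.parse(line);
      body = JSON.parse(entry.body); // JSON.parse resolves \uXXXX escapes
    } catch { continue; }            // unparsable line: skip it
    const name = body && body.manifest ? body.manifest.name : undefined;
    if (name === undefined) continue; // request carried no manifest name
    const verdict = classifyName(name);
    if (verdict) hits.push({ user: entry.user, name, verdict });
  }
  return hits;
}
```

Grouping the returned hits by `user` gives the correlation with authentication events that the last bullet asks for.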
Monitoring Recommendations
- Enable verbose request logging on the DXT controller endpoint and forward logs to a centralized SIEM for pattern matching
- Alert on process file-access events originating from the xiaozhi-mcphub runtime that resolve to paths outside its application root
- Track outbound connections and file exfiltration patterns from hosts running xiaozhi-mcphub instances
How to Mitigate CVE-2026-8116
Immediate Actions Required
- Restrict network exposure of the xiaozhi-mcphub DXT controller endpoint to trusted networks only
- Audit existing manifest submissions for traversal sequences in the name field and review file system activity for suspicious access
- Run the xiaozhi-mcphub process under a dedicated low-privilege account with file system permissions limited to its working directory
Patch Information
No official patch is available at the time of writing. The maintainer of the GitHub Project Repository has not responded to the GitHub Issue Tracker report. Track the upstream project for new releases beyond version 1.0.3 and review the VulDB Vulnerability #361904 entry for status updates.
Workarounds
- Place xiaozhi-mcphub behind a web application firewall (WAF) configured to block path traversal patterns in JSON request bodies
- Apply a reverse-proxy rule that rejects requests where the manifest payload contains .., /, or \ characters in the name field
- Containerize the deployment with a read-only root filesystem and mount only the required writable paths to limit traversal impact
- Disable the DXT controller endpoint entirely if it is not required for production workloads
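```nginx
# Example nginx rule to drop requests with traversal sequences in manifest names.
# Caveat: nginx fills $request_body only after the body has been read into a
# memory buffer, which happens when proxy_pass handles the request. An "if" is
# evaluated earlier, in the rewrite phase, so confirm with a test request that
# this rule fires in your deployment before relying on it.
location /api/dxt {
    # Match a "name" value that contains ".." anywhere in the string
    if ($request_body ~* "\"name\"\s*:\s*\"[^\"]*\\.\\.") {
        return 400;
    }
    proxy_pass http://xiaozhi-mcphub-backend;
}
```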


