VYPR
High severity (7.3) · NVD Advisory · Published Apr 27, 2026 · Updated Apr 29, 2026

CVE-2026-7159

Description

A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. It affects the functions read_document and list_documents in the file server.py. Manipulating the arguments docs_dir and file_path results in path traversal. The attack can be carried out remotely. The exploit has been made public and could be used. The vendor confirms that the "fix will be published within a few days."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A path traversal vulnerability in douinc mkdocs-mcp-plugin up to 0.4.1 allows remote attackers to read arbitrary files via the docs_dir/file_path arguments.

Vulnerability

Overview

A path traversal vulnerability has been identified in the read_document and list_documents functions of the server.py file in the douinc mkdocs-mcp-plugin, affecting versions up to 0.4.1 [1]. By manipulating the docs_dir and file_path arguments, an attacker can traverse directories outside the intended root and access arbitrary files on the server.

Exploitation

The attack can be carried out remotely without any prior authentication, as the plugin's server interface exposes these functions over the network [1]. An attacker simply needs to craft a request with path traversal sequences (e.g., ../) in the file path parameter to read files outside the intended document root.

Impact

Successful exploitation allows an attacker to read sensitive files from the server file system, potentially including configuration files, credentials, or source code. This could lead to further compromise of the system or application [1].

Mitigation

The vendor has acknowledged the vulnerability and states that a fix will be published within a few days [1]. Until a patch is released, users should consider restricting network access to the plugin's server, or disabling the read_document/list_documents endpoints if not required.
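
A containment check of the kind that closes this class of bug, as an added example (not the plugin's code and not the vendor's fix). The names `resolve_under` and `read_document_safe` are hypothetical, and the example assumes the documentation root comes from server-side configuration rather than from a caller-supplied docs_dir.

```python
import os
import tempfile
from pathlib import Path


class PathEscapeError(ValueError):
    """Requested path resolves outside the permitted documentation root."""


def resolve_under(root: Path, user_path: str) -> Path:
    """Return user_path resolved inside root, or raise PathEscapeError."""
    if "\x00" in user_path:
        raise PathEscapeError("NUL byte in path")
    root = root.resolve(strict=True)
    # resolve() collapses ".." and follows symlinks, so the containment
    # check runs on the location that would actually be opened.
    candidate = (root / user_path).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PathEscapeError(f"{user_path!r} escapes {root}") from None
    return candidate


def read_document_safe(configured_root: Path, file_path: str) -> str:
    """Hypothetical handler: the root is server config, never a request argument."""
    return resolve_under(configured_root, file_path).read_text(encoding="utf-8")


def demo() -> dict:
    """Constructed fixture: a docs tree, a file outside it, a symlink pointing out."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp) / "docs"
        docs.mkdir()
        (docs / "index.md").write_text("# Home\n", encoding="utf-8")
        outside = Path(tmp) / "secret.txt"
        outside.write_text("constructed-secret\n", encoding="utf-8")
        os.symlink(outside, docs / "link.md")
        cases = {"plain": "index.md", "dotdot": "../secret.txt",
                 "absolute": str(outside), "symlink": "link.md"}
        for label, name in cases.items():
            try:
                read_document_safe(docs, name)
                results[label] = "allowed"
            except PathEscapeError:
                results[label] = "blocked"
    return results
```

Checking the resolved path rather than filtering for `../` in the input string is what also catches the absolute-path and symlink cases.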

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| mkdocs-mcp-plugin (PyPI) | <= 0.4.1 | |

Patches

0

No patches discovered yet.

References

7
