VYPR
High severity (7.3) · NVD Advisory · Published Apr 28, 2026 · Updated Apr 29, 2026

CVE-2026-7314

Description

A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function get_doc_path of the file src/spire_doc_mcp/api/base.py. Performing a manipulation of the argument document_name results in path traversal. The attack can be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Path traversal in spire-doc-mcp-server's convert_document tool allows a remote attacker to write converted files outside the configured WORD_FILES_PATH directory.

The vulnerability exists in spire-doc-mcp-server version 1.0.0, in the convert_document tool in src/spire_doc_mcp/api/conversion_tools.py. The get_doc_path function in src/spire_doc_mcp/api/base.py does validate the document_name argument against path traversal, but the output_path parameter is passed directly to ConversionHandler.convert_document() without canonicalization and without any check that the resulting path stays inside WORD_FILES_PATH [1]. This is external control of a file name or path (CWE-73). Note that the NVD description above instead attributes the flaw to the document_name argument of get_doc_path; the two accounts name different parameters, so the issue report [1] should be consulted to confirm which code path is affected.

The attack is remote: the attacker sends a crafted tool call to the MCP server with an output_path containing traversal sequences (e.g. ../), and the converted document is written to a location of the attacker's choosing. The server requires no authentication, so if it is reachable from an untrusted network any client that can connect can trigger the flaw, and a public exploit exists [1,2].

Successful exploitation lets the attacker create or overwrite files with the permissions of the service account, which can lead to remote code execution (by planting a file where the system or the service later loads or executes it), tampering with server configuration, or data loss. Note that what is written is the conversion output, so the attacker controls the destination directory and file name but only indirectly the file contents. Because the server is typically wired into AI agents such as Cursor IDE, a compromised server can also affect downstream agent workflows [2]. The flaw is documented in a public issue report, and no patch had been released as of the disclosure date [1].

No patch is available and the vendor has not responded to the issue report, so mitigation falls on operators. Restrict network access to the MCP server (firewall rules, or a reverse proxy that authenticates clients); run it as a low-privilege account whose write access is limited to WORD_FILES_PATH; and validate output_path before it reaches the server, which means canonicalizing the path and rejecting any value that resolves outside WORD_FILES_PATH. Until a fix ships, also monitor for file creation by the service account outside that directory [1,2].
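The boundary check the insight describes as missing, as an added example (not code from spire-doc-mcp-server or its issue report): naive_output_path reproduces the described pattern of joining the client's path and using it as-is, and resolve_within is one way to canonicalize output_path and enforce the WORD_FILES_PATH boundary before ConversionHandler.convert_document() writes anything. The helper names, the inputs in demo and the temporary base directory are assumptions for illustration. Beyond the ../ case the page describes, the example also covers an absolute path and a symlink inside the base directory, two escapes that a string-only check (os.path.normpath plus startswith) would miss.

```python
import os
import shutil
import tempfile
from pathlib import Path


class PathOutsideBase(ValueError):
    """Raised when a client-supplied path would land outside the base directory."""


def naive_output_path(base: str, user_path: str) -> str:
    """The unsafe pattern the advisory describes: join the path and use it as-is.

    os.path.join discards `base` entirely when `user_path` is absolute, and
    nothing collapses '..' segments, so the result can point anywhere the
    service account is allowed to write.
    """
    return os.path.join(base, user_path)


def resolve_within(base: str, user_path: str) -> Path:
    """Canonicalize `user_path` under `base` and enforce the boundary.

    Path.resolve() collapses '..' and follows symlinks for every component
    that exists, so the containment check is made on the real filesystem
    location rather than on the string the client sent. Absolute paths are
    rejected outright, because joining them would silently drop `base`.
    """
    if "\x00" in user_path:
        raise PathOutsideBase("embedded NUL byte in path")
    candidate = Path(user_path)
    if candidate.is_absolute():
        raise PathOutsideBase(f"absolute output path not permitted: {user_path!r}")
    base_dir = Path(base).resolve()
    target = (base_dir / candidate).resolve()
    # The base directory itself is not a valid output file either.
    if target == base_dir or not target.is_relative_to(base_dir):
        raise PathOutsideBase(f"{user_path!r} resolves to {target}, outside {base_dir}")
    return target


def demo() -> dict:
    """Run both helpers over constructed inputs in a throwaway base directory.

    Returns, per input, the string the naive join would have used, whether
    the hardened check accepted it, and the canonical target when it did.
    """
    base = tempfile.mkdtemp(prefix="word_files_")  # stand-in for WORD_FILES_PATH
    inputs = [
        "report.docx",              # ordinary name, accepted
        "sub/../report.docx",       # harmless '..', still inside base
        "../../etc/cron.d/evil",    # classic traversal, rejected
        "/etc/cron.d/evil",         # absolute path, rejected
        "escape/cron.d/evil",       # traversal through a symlink, rejected
    ]
    try:
        # Constructed for the demo: a symlink inside the base pointing outside it.
        try:
            os.symlink("/etc", os.path.join(base, "escape"))
        except OSError:
            inputs.remove("escape/cron.d/evil")  # platform without symlink support
        results = {}
        for user_path in inputs:
            entry = {"naive": naive_output_path(base, user_path)}
            try:
                entry["resolved"] = str(resolve_within(base, user_path))
                entry["accepted"] = True
            except PathOutsideBase:
                entry["resolved"] = None
                entry["accepted"] = False
            results[user_path] = entry
        return results
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for path, outcome in demo().items():
        print(f"{path!r:28} naive={outcome['naive']!r:60} accepted={outcome['accepted']}")
```

Assuming the project structure described above, the check belongs at the point where output_path first enters convert_document, before the path is handed to the conversion library. Rejecting absolute paths, rather than silently re-rooting them under the base directory, keeps the failure visible to the calling agent instead of producing a file somewhere the caller did not ask for.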

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

References: 4

News mentions: 0 (no linked articles in our index yet)