CVE-2026-7315
Description
A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. It affects the function get_pdf_path in the file src/spire_pdf_mcp/server.py of the component PDF File Handler. Manipulating the argument filepath can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A path traversal vulnerability in eiceblue spire-pdf-mcp-server 0.1.1 allows remote attackers to read, create, or convert arbitrary PDF files outside the intended directory.
Vulnerability in get_pdf_path()
get_pdf_path() in src/spire_pdf_mcp/server.py allows path traversal. The function returns absolute paths unchanged and joins relative paths to PDF_FILES_PATH without normalization or containment checks [1]. This lets attackers escape the configured PDF directory with payloads such as ../../../../tmp/poc.pdf or /tmp/poc.pdf [1].
Attackers can exploit this remotely by sending crafted filepath arguments to exposed tools such as create_pdfdocument and convert_pdfdocument [1][2]. No authentication is required; the server listens on a configurable port (default 8000) and integrates with AI agents via MCP [2].
Impact includes arbitrary PDF file creation, conversion to attacker-chosen output locations, and reading of any host PDF accessible to the service account [1]. The vulnerability has been publicly disclosed with a proof-of-concept [1].
As of the report date (April 10, 2026), the vendor has not responded or released a fix [1]. Users should restrict network access to the server and avoid exposing it to untrusted networks until a patch is available.
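The resolution pattern the narrative describes, beside a hardened resolver, as an added example that is not code from the spire-pdf-mcp-server project: get_pdf_path_unsafe mirrors only the behaviour stated above (absolute paths returned as-is, relative paths joined without normalization), not the project's actual source, and the base directory value, the get_pdf_path_safe name and the sample inputs are assumptions constructed for illustration.

```python
import os

# Assumed base directory; stands in for the server's configured PDF_FILES_PATH.
PDF_FILES_PATH = "/srv/pdf"


def get_pdf_path_unsafe(filepath, base=PDF_FILES_PATH):
    """Resolver as the advisory describes it (reconstructed, not the project's code):
    absolute paths come back unchanged, relative ones are joined with no
    normalization and no check that the result stays under the base."""
    if os.path.isabs(filepath):
        return filepath
    return os.path.join(base, filepath)


def get_pdf_path_safe(filepath, base=PDF_FILES_PATH):
    """Hardened resolver (assumed design, not a vendor fix).

    Every input, absolute or relative, is joined to the base, canonicalised
    with realpath (collapsing '..' and symlinks), and then checked for
    containment with commonpath. Anything that escapes, or that resolves to
    the base directory itself rather than a file inside it, is rejected.
    """
    base_real = os.path.realpath(base)
    # os.path.join discards base when filepath is absolute, so an absolute
    # input still reaches the containment check below and is rejected there.
    candidate = os.path.realpath(os.path.join(base_real, filepath))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError("filepath escapes the PDF directory: %r" % filepath)
    if candidate == base_real:
        raise ValueError("filepath must name a file inside the PDF directory")
    return candidate


def classify(inputs, base=PDF_FILES_PATH):
    """Run both resolvers over a list of filepath arguments and report, per
    input, what the unsafe resolver would have opened and whether the
    hardened one accepts it. Useful as a quick check when reviewing a
    path-handling function of this shape."""
    report = {}
    for fp in inputs:
        try:
            safe = get_pdf_path_safe(fp, base)
            verdict = "accepted"
        except ValueError:
            safe = None
            verdict = "rejected"
        report[fp] = {
            "unsafe_result": get_pdf_path_unsafe(fp, base),
            "safe_result": safe,
            "verdict": verdict,
        }
    return report


if __name__ == "__main__":
    # Constructed sample arguments: two benign names and the two payload
    # shapes quoted in the advisory.
    SAMPLE_INPUTS = [
        "report.pdf",
        "sub/../report.pdf",
        "../../../../tmp/poc.pdf",
        "/tmp/poc.pdf",
    ]
    for fp, row in classify(SAMPLE_INPUTS).items():
        print("%-28s unsafe -> %-40s hardened: %s" % (fp, row["unsafe_result"], row["verdict"]))
```

The containment test compares canonical paths rather than string prefixes, so a sibling directory such as /srv/pdf2 is not mistaken for a child of /srv/pdf, and the realpath step means a symlink planted inside the base cannot point the resolver back out of it.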
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE)
- (no CPE), version range: = 0.1.1
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.