CVE-2026-7599
Description
A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. It affects the functions save_document, export_to_text and export_to_html in the file mcp-server/src/index.ts of the component MCP Interface. Manipulation of the argument output_path results in path traversal. The attack can be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A path traversal vulnerability in hwpx-mcp 0.2.0 allows remote attackers to write arbitrary files via the output_path argument in save_document/export_to_text/export_to_html MCP tools.
Vulnerability
CVE-2026-7599 (CVSS 6.3) is an arbitrary file write flaw in Dayoooun's hwpx-mcp version 0.2.0 (commit 87850fd). The root cause lies in three MCP tool handlers (save_document, export_to_text and export_to_html) defined in mcp-server/src/index.ts. These handlers accept a user-supplied output_path argument and pass it straight to the filesystem write call without checking that the destination stays inside a designated workspace directory. This makes the software susceptible to CWE-73 (External Control of File Name or Path) via path traversal or absolute path injection [2][3].
Exploitation is remote. An attacker with network access to the MCP interface can craft a CallToolRequestSchema message whose output_path value contains parent-directory sequences such as ../ or an absolute path pointing to a sensitive system location. The server then writes the generated HWPX content (from create_document) or the exported text/HTML data to that arbitrary location using fs.writeFileSync [2]. No authentication is required beyond the ability to send MCP requests to the exposed server.
The impact is significant: the attacker can create or overwrite files anywhere the server process has write permissions. This can lead to integrity loss (e.g., corrupting configuration files), denial of service (by overwriting critical system files), or further compromise if writable paths are leveraged for code execution (e.g., planting scripts in a web directory). The vendor was notified via an issue report on the project's GitHub repository but has not responded, and no patched version has been released [2][3].
At the time of writing, there is no official fix available. Users of hwpx-mcp version 0.2.0 should consider limiting network access to the MCP interface, monitoring for unauthorized file writes, and closely tracking the repository for a security update [1][2][3]. Exploit code has been publicly disclosed, increasing the urgency for mitigations.
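The narrative above describes the missing check: output_path is handed to fs.writeFileSync without being confined to a workspace. The following TypeScript is an added example of what that confinement looks like; it is not code from hwpx-mcp or its author. It assumes a configured workspace root (the HWPX_WORKSPACE_ROOT variable and the makeWriteHandler shape are hypothetical), does a lexical check first (absolute paths, NUL bytes, ../ escapes) and then a physical check so that a symlink inside the workspace cannot redirect the write outside it, which a purely lexical check would miss.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Hypothetical configuration: where MCP tools are allowed to write. The env
// variable name is an assumption for this example, not a real hwpx-mcp setting.
export const DEFAULT_WORKSPACE_ROOT =
  process.env.HWPX_WORKSPACE_ROOT ?? path.join(os.tmpdir(), "hwpx-workspace");

/**
 * Lexical confinement of a tool-supplied output_path to workspaceRoot.
 * Rejects empty values, NUL bytes, absolute paths and any "../" escape, and
 * returns the absolute destination. Throws when the path is rejected.
 */
export function resolveOutputPath(workspaceRoot: string, outputPath: string): string {
  if (typeof outputPath !== "string" || outputPath.length === 0) {
    throw new Error("output_path must be a non-empty string");
  }
  if (outputPath.includes("\0")) {
    throw new Error("output_path contains a NUL byte");
  }
  if (path.isAbsolute(outputPath)) {
    throw new Error("output_path must be relative to the workspace");
  }
  const root = path.resolve(workspaceRoot);
  const target = path.resolve(root, outputPath);
  const rel = path.relative(root, target);
  // rel is "" for the root itself, ".." or "../x" when target escapes, and
  // absolute on Windows when target lands on another drive. A file that merely
  // starts with ".." (e.g. "..hidden.txt") is still inside and stays allowed.
  if (rel === "" || rel === ".." || rel.startsWith(`..${path.sep}`) || path.isAbsolute(rel)) {
    throw new Error(`output_path escapes the workspace: ${outputPath}`);
  }
  return target;
}

/** Boolean form of resolveOutputPath, convenient for tests and input schemas. */
export function isSafeOutputPath(workspaceRoot: string, outputPath: string): boolean {
  try {
    resolveOutputPath(workspaceRoot, outputPath);
    return true;
  } catch {
    return false;
  }
}

/** Nearest existing path at or above p, with symlinks resolved. */
function realExistingAncestor(p: string): string {
  let cur = p;
  while (!fs.existsSync(cur)) {
    const parent = path.dirname(cur);
    if (parent === cur) break; // reached the filesystem root
    cur = parent;
  }
  return fs.realpathSync(cur);
}

/**
 * Hardened replacement for a bare fs.writeFileSync(output_path, content):
 * the lexical check above, then a physical check that the place the file will
 * actually land is still under the workspace once symlinks are followed.
 * Returns the absolute path written.
 */
export function safeWriteFile(workspaceRoot: string, outputPath: string, content: string): string {
  const target = resolveOutputPath(workspaceRoot, outputPath);
  const realRoot = fs.realpathSync(workspaceRoot); // workspace must already exist
  const realTarget = realExistingAncestor(target);
  if (realTarget !== realRoot && !realTarget.startsWith(`${realRoot}${path.sep}`)) {
    throw new Error(`output_path resolves outside the workspace via symlink: ${outputPath}`);
  }
  fs.mkdirSync(path.dirname(target), { recursive: true });
  fs.writeFileSync(target, content);
  return target;
}

/**
 * Shape of a hardened tool handler (hypothetical; not the project's handler).
 * Each of save_document / export_to_text / export_to_html would route its
 * write through this instead of writing to args.output_path directly.
 */
export function makeWriteHandler(workspaceRoot: string) {
  return (args: { output_path: unknown; content: string }): { savedTo: string } => {
    if (typeof args.output_path !== "string") {
      throw new Error("output_path must be a string");
    }
    return { savedTo: safeWriteFile(workspaceRoot, args.output_path, args.content) };
  };
}
```

The two-stage design matters: path.resolve normalises "../" sequences but never consults the filesystem, so a symlink named, say, "link" inside the workspace that points elsewhere would pass the lexical check and still redirect the write. Resolving the nearest existing ancestor with fs.realpathSync closes that gap. Running the server under an account that can only write to the workspace directory is the complementary control for the impact described above.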
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (5)
News mentions (0)
No linked articles in our index yet.