CVE-2026-8116

Vulnerability

Overview

A path traversal vulnerability (CWE-22) has been identified in huangjunsen0406/xiaozhi-mcphub up to version 1.0.3. The flaw resides in the DXT upload handler within src/controllers/dxtController.ts. When processing an uploaded .dxt archive, the application reads a manifest.json file from the archive and uses the untrusted manifest.name value to construct the final extraction directory. Because manifest.name is not sanitized or validated against path traversal sequences, an attacker can inject directory traversal payloads (e.g., ../) to cause extracted files to be written outside the intended upload directory [1][2].

Exploitation

Prerequisites

Exploitation requires an authenticated user who can upload a crafted DXT archive. The attack is performed remotely by sending a malicious archive where the manifest.name field contains path traversal sequences. The vulnerable code then uses path.join with the unsanitized name to compute the final extraction path, and subsequently moves files from a temporary directory to that location via fs.renameSync [2]. No additional privileges beyond standard upload access are needed.

Impact

Successful exploitation allows an attacker to write arbitrary files to arbitrary locations on the server filesystem, subject to the permissions of the running process. This could lead to overwriting critical configuration files, injecting malicious scripts (e.g., into web-accessible directories), or achieving remote code execution. The vulnerability has been publicly disclosed with a proof-of-concept, increasing the risk of active exploitation [2].

Mitigation

Status

As of the publication date, the vendor has not responded to the issue report and no patch is available. Users are advised to restrict access to the DXT upload functionality, monitor for suspicious uploads, and consider applying network-level controls until a fix is released [1][2].