{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-7314/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7314"}],"_cs_exploited":false,"_cs_products":["spire-doc-mcp-server 1.0.0"],"_cs_severities":["high"],"_cs_tags":["path-traversal","web-application","cve-2026-7314"],"_cs_type":"advisory","_cs_vendors":["eiceblue"],"content_html":"\u003cp\u003eA critical path traversal vulnerability has been identified in eiceblue spire-doc-mcp-server version 1.0.0. The vulnerability resides within the \u003ccode\u003eget_doc_path\u003c/code\u003e function of the \u003ccode\u003esrc/spire_doc_mcp/api/base.py\u003c/code\u003e file. By manipulating the \u003ccode\u003edocument_name\u003c/code\u003e argument, an attacker can bypass intended directory restrictions and access files outside the designated document path. This attack can be initiated remotely without authentication, posing a significant risk. Public exploits are available, increasing the likelihood of exploitation. \nThe vendor was notified through an issue report, but has not yet responded.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker sends a crafted HTTP request to the spire-doc-mcp-server.\u003c/li\u003e\n\u003cli\u003eThe request targets an endpoint that utilizes the vulnerable \u003ccode\u003eget_doc_path\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe attacker manipulates the \u003ccode\u003edocument_name\u003c/code\u003e parameter within the request.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003edocument_name\u003c/code\u003e parameter contains a path traversal sequence (e.g., \u0026ldquo;../\u0026rdquo;) designed to escape the intended directory.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eget_doc_path\u003c/code\u003e function fails to properly sanitize or validate the \u003ccode\u003edocument_name\u003c/code\u003e input.\u003c/li\u003e\n\u003cli\u003eThe application constructs a file path based on the malicious input.\u003c/li\u003e\n\u003cli\u003eThe application attempts to read the file at the attacker-controlled path.\u003c/li\u003e\n\u003cli\u003eThe attacker successfully retrieves the contents of an arbitrary file on the server.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this path traversal vulnerability allows an attacker to read sensitive files on the server. This could include configuration files containing credentials, source code, or other confidential data. The CVSS v3.1 score of 7.3 reflects the high severity of this issue. \nThe lack of vendor response and availability of public exploits significantly increases the risk to organizations using vulnerable versions of spire-doc-mcp-server.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Spire-doc-mcp-server Path Traversal Attempt\u003c/code\u003e to your SIEM to detect exploitation attempts by monitoring web server logs for path traversal sequences.\u003c/li\u003e\n\u003cli\u003eApply input validation and sanitization to the \u003ccode\u003edocument_name\u003c/code\u003e argument in the \u003ccode\u003eget_doc_path\u003c/code\u003e function within \u003ccode\u003esrc/spire_doc_mcp/api/base.py\u003c/code\u003e to prevent path traversal.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for HTTP requests containing path traversal sequences (e.g., \u0026ldquo;..%2F\u0026rdquo;, \u0026ldquo;../\u0026rdquo;) targeting endpoints related to document retrieval.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T12:00:00Z","date_published":"2026-04-29T12:00:00Z","id":"/briefs/2026-04-spire-doc-mcp-server-path-traversal/","summary":"A path traversal vulnerability exists in eiceblue spire-doc-mcp-server version 1.0.0, allowing a remote attacker to access arbitrary files by manipulating the 'document_name' argument in the 'get_doc_path' function.","title":"eiceblue spire-doc-mcp-server Path Traversal Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-spire-doc-mcp-server-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-7314","version":"https://jsonfeed.org/version/1.1"}