{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/mkdocs/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7159"}],"_cs_exploited":false,"_cs_products":["mkdocs-mcp-plugin (\u003c= 0.4.1)"],"_cs_severities":["high"],"_cs_tags":["path-traversal","mkdocs","CVE-2026-7159"],"_cs_type":"advisory","_cs_vendors":["douinc"],"content_html":"\u003cp\u003eA path traversal vulnerability, identified as CVE-2026-7159, has been discovered in douinc\u0026rsquo;s mkdocs-mcp-plugin, affecting versions up to 0.4.1. The flaw resides within the \u003ccode\u003eread_document\u003c/code\u003e and \u003ccode\u003elist_documents\u003c/code\u003e functions of the \u003ccode\u003eserver.py\u003c/code\u003e file. By manipulating the \u003ccode\u003edocs_dir\u003c/code\u003e or \u003ccode\u003efile_path\u003c/code\u003e arguments, a remote attacker can bypass intended access restrictions and potentially read sensitive files on the server. A public exploit is available, increasing the risk of exploitation. The vendor has acknowledged the vulnerability and plans to release a fix in the coming days. This vulnerability poses a significant risk to systems using the affected plugin, potentially exposing sensitive data.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a server running a vulnerable version (\u0026lt;= 0.4.1) of the \u003ccode\u003emkdocs-mcp-plugin\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP request targeting the \u003ccode\u003eread_document\u003c/code\u003e or \u003ccode\u003elist_documents\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes a manipulated \u003ccode\u003edocs_dir\u003c/code\u003e or \u003ccode\u003efile_path\u003c/code\u003e parameter designed to traverse the file system. This commonly involves using sequences like \u003ccode\u003e../\u003c/code\u003e to move up directories.\u003c/li\u003e\n\u003cli\u003eThe vulnerable \u003ccode\u003eserver.py\u003c/code\u003e script fails to properly sanitize or validate the provided path.\u003c/li\u003e\n\u003cli\u003eThe application attempts to read a file outside the intended document root, based on the attacker-controlled path.\u003c/li\u003e\n\u003cli\u003eIf successful, the contents of the targeted file are returned in the HTTP response to the attacker.\u003c/li\u003e\n\u003cli\u003eThe attacker can repeat this process to enumerate and access various sensitive files.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to sensitive information, potentially including configuration files, source code, or user data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this path traversal vulnerability (CVE-2026-7159) can lead to unauthorized access to sensitive files on the server. This could include configuration files, application source code, or user data. The impact ranges from information disclosure to potential compromise of the entire system, depending on the nature of the exposed data. Given the public availability of an exploit, affected systems are at increased risk of attack. The vendor is planning to release a fix soon.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch for mkdocs-mcp-plugin as soon as it is released by the vendor to remediate CVE-2026-7159.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Mkdocs Path Traversal Attempt\u003c/code\u003e to identify exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious URL patterns containing path traversal sequences like \u003ccode\u003e../\u003c/code\u003e targeting file access endpoints, as detailed in the Attack Chain.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-28T12:00:00Z","date_published":"2026-04-28T12:00:00Z","id":"/briefs/2026-04-mkdocs-path-traversal/","summary":"A path traversal vulnerability exists in douinc mkdocs-mcp-plugin up to version 0.4.1, allowing remote attackers to access unauthorized files through manipulation of the docs_dir/file_path argument in the read_document/list_documents functions within server.py.","title":"mkdocs-mcp-plugin Path Traversal Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-mkdocs-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — Mkdocs","version":"https://jsonfeed.org/version/1.1"}