{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/axle-bucamp/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7788"}],"_cs_exploited":false,"_cs_products":["MCP-Docusaurus"],"_cs_severities":["high"],"_cs_tags":["path-traversal","vulnerability","web-application"],"_cs_type":"advisory","_cs_vendors":["Axle-Bucamp"],"content_html":"\u003cp\u003eA path traversal vulnerability has been identified in Axle-Bucamp MCP-Docusaurus, affecting versions up to commit 404bc028e15ec304c9a045528560f4b5f27a17e0. The vulnerability resides within the \u003ccode\u003eupdate_document\u003c/code\u003e, \u003ccode\u003econtinue_document\u003c/code\u003e, \u003ccode\u003edelete_document\u003c/code\u003e, and \u003ccode\u003eget_content\u003c/code\u003e functions of the \u003ccode\u003eapp/routes/document.py\u003c/code\u003e file. By manipulating the \u003ccode\u003eDOCS_DIR/path\u003c/code\u003e argument, a remote attacker can gain unauthorized access to sensitive files on the server. The exploit is publicly available, increasing the risk of exploitation. The vendor employs a rolling release model, making it difficult to pinpoint specific affected versions, and has not yet responded to vulnerability reports. This vulnerability poses a significant threat to the confidentiality of data managed by MCP-Docusaurus.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an MCP-Docusaurus instance running a vulnerable version (\u0026lt;= 404bc028e15ec304c9a045528560f4b5f27a17e0).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003eupdate_document\u003c/code\u003e, \u003ccode\u003econtinue_document\u003c/code\u003e, \u003ccode\u003edelete_document\u003c/code\u003e, or \u003ccode\u003eget_content\u003c/code\u003e functions in \u003ccode\u003eapp/routes/document.py\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes a modified \u003ccode\u003eDOCS_DIR/path\u003c/code\u003e argument containing path traversal sequences (e.g., \u003ccode\u003e../\u003c/code\u003e, \u003ccode\u003e../../\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe MCP-Docusaurus application processes the malicious request without proper validation of the \u003ccode\u003epath\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eThe application constructs a file path using the attacker-controlled \u003ccode\u003epath\u003c/code\u003e argument, resulting in access to files outside the intended \u003ccode\u003eDOCS_DIR\u003c/code\u003e directory.\u003c/li\u003e\n\u003cli\u003eThe attacker successfully reads, modifies, or deletes arbitrary files on the server, depending on the function targeted and server permissions.\u003c/li\u003e\n\u003cli\u003eThe attacker may escalate their access by retrieving sensitive configuration files containing credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages compromised credentials to gain further access to the system or network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this path traversal vulnerability allows attackers to read sensitive files, potentially including configuration files, source code, and user data. Depending on the permissions of the application, attackers may also be able to modify or delete files, leading to data corruption or denial of service. Given the public availability of the exploit, organizations using vulnerable versions of MCP-Docusaurus are at high risk of compromise. The lack of vendor response further exacerbates the risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests containing path traversal sequences (\u003ccode\u003e../\u003c/code\u003e, \u003ccode\u003e../../\u003c/code\u003e) in the URI, specifically targeting \u003ccode\u003eapp/routes/document.py\u003c/code\u003e (see example Sigma rule below).\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization for the \u003ccode\u003eDOCS_DIR/path\u003c/code\u003e argument in the \u003ccode\u003eupdate_document\u003c/code\u003e, \u003ccode\u003econtinue_document\u003c/code\u003e, \u003ccode\u003edelete_document\u003c/code\u003e, and \u003ccode\u003eget_content\u003c/code\u003e functions.\u003c/li\u003e\n\u003cli\u003eSince specific version information is unavailable, prioritize upgrading to the latest version of MCP-Docusaurus as soon as a patch is released.\u003c/li\u003e\n\u003cli\u003eAudit access control configurations to limit the application\u0026rsquo;s access to only necessary files and directories.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-05T00:16:18Z","date_published":"2026-05-05T00:16:18Z","id":"/briefs/2026-05-mcp-docusaurus-path-traversal/","summary":"A path traversal vulnerability exists in Axle-Bucamp MCP-Docusaurus versions up to commit 404bc028e15ec304c9a045528560f4b5f27a17e0, allowing remote attackers to access sensitive files by manipulating the DOCS_DIR/path argument in specific functions.","title":"Axle-Bucamp MCP-Docusaurus Path Traversal Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-mcp-docusaurus-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — Axle-Bucamp","version":"https://jsonfeed.org/version/1.1"}