{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/eiceblue/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7315"}],"_cs_exploited":false,"_cs_products":["spire-pdf-mcp-server"],"_cs_severities":["high"],"_cs_tags":["path-traversal","web-application","cve"],"_cs_type":"advisory","_cs_vendors":["eiceblue"],"content_html":"\u003cp\u003eA path traversal vulnerability, identified as CVE-2026-7315, affects eiceblue spire-pdf-mcp-server version 0.1.1. The vulnerability resides in the \u003ccode\u003eget_pdf_path\u003c/code\u003e function within the \u003ccode\u003esrc/spire_pdf_mcp/server.py\u003c/code\u003e file. By manipulating the \u003ccode\u003efilepath\u003c/code\u003e argument, a remote attacker can bypass directory traversal restrictions and potentially access sensitive files on the server. Public exploits are available, increasing the risk of exploitation. The vendor has been notified but has not yet provided a patch or response. This vulnerability poses a significant risk to systems running the affected software.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable instance of eiceblue spire-pdf-mcp-server 0.1.1 exposed to the network.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003eget_pdf_path\u003c/code\u003e function, embedding a path traversal sequence (e.g., \u003ccode\u003e../\u003c/code\u003e) within the \u003ccode\u003efilepath\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe server receives the request and processes the \u003ccode\u003efilepath\u003c/code\u003e argument without proper sanitization or validation.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eget_pdf_path\u003c/code\u003e function constructs a file path using the attacker-controlled input, allowing the traversal of directories outside the intended PDF file storage location.\u003c/li\u003e\n\u003cli\u003eThe server attempts to access a file outside the intended directory, based on the manipulated path.\u003c/li\u003e\n\u003cli\u003eIf successful, the server reads the contents of the arbitrary file.\u003c/li\u003e\n\u003cli\u003eThe server returns the contents of the file to the attacker.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to sensitive information, potentially including configuration files, credentials, or other confidential data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7315 allows a remote attacker to read arbitrary files on the server. This can lead to the disclosure of sensitive information, such as configuration files, credentials, or internal application code. The impact could include complete compromise of the affected system and potential lateral movement within the network. Given the availability of public exploits, the risk of widespread exploitation is elevated.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Spire-PDF Path Traversal Attempt\u003c/code\u003e to identify malicious requests containing path traversal sequences.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for HTTP requests targeting the \u003ccode\u003eget_pdf_path\u003c/code\u003e function with suspicious \u003ccode\u003efilepath\u003c/code\u003e parameters (e.g., containing \u0026ldquo;../\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization measures for the \u003ccode\u003efilepath\u003c/code\u003e argument in the \u003ccode\u003eget_pdf_path\u003c/code\u003e function to prevent path traversal attacks.\u003c/li\u003e\n\u003cli\u003eApply any available patches or updates from the vendor as soon as they are released to address CVE-2026-7315.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T12:00:00Z","date_published":"2026-04-29T12:00:00Z","id":"/briefs/2026-04-spire-pdf-path-traversal/","summary":"A path traversal vulnerability exists in eiceblue spire-pdf-mcp-server version 0.1.1, allowing remote attackers to access arbitrary files via manipulation of the filepath argument in the get_pdf_path function.","title":"Eiceblue Spire-PDF-MCP-Server Path Traversal Vulnerability (CVE-2026-7315)","url":"https://feed.craftedsignal.io/briefs/2026-04-spire-pdf-path-traversal/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7314"}],"_cs_exploited":false,"_cs_products":["spire-doc-mcp-server 1.0.0"],"_cs_severities":["high"],"_cs_tags":["path-traversal","web-application","cve-2026-7314"],"_cs_type":"advisory","_cs_vendors":["eiceblue"],"content_html":"\u003cp\u003eA critical path traversal vulnerability has been identified in eiceblue spire-doc-mcp-server version 1.0.0. The vulnerability resides within the \u003ccode\u003eget_doc_path\u003c/code\u003e function of the \u003ccode\u003esrc/spire_doc_mcp/api/base.py\u003c/code\u003e file. By manipulating the \u003ccode\u003edocument_name\u003c/code\u003e argument, an attacker can bypass intended directory restrictions and access files outside the designated document path. This attack can be initiated remotely without authentication, posing a significant risk. Public exploits are available, increasing the likelihood of exploitation. The vendor was notified through an issue report, but has not yet responded.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker sends a crafted HTTP request to the spire-doc-mcp-server.\u003c/li\u003e\n\u003cli\u003eThe request targets an endpoint that utilizes the vulnerable \u003ccode\u003eget_doc_path\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe attacker manipulates the \u003ccode\u003edocument_name\u003c/code\u003e parameter within the request.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003edocument_name\u003c/code\u003e parameter contains a path traversal sequence (e.g., \u0026ldquo;../\u0026rdquo;) designed to escape the intended directory.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eget_doc_path\u003c/code\u003e function fails to properly sanitize or validate the \u003ccode\u003edocument_name\u003c/code\u003e input.\u003c/li\u003e\n\u003cli\u003eThe application constructs a file path based on the malicious input.\u003c/li\u003e\n\u003cli\u003eThe application attempts to read the file at the attacker-controlled path.\u003c/li\u003e\n\u003cli\u003eThe attacker successfully retrieves the contents of an arbitrary file on the server.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this path traversal vulnerability allows an attacker to read sensitive files on the server. This could include configuration files containing credentials, source code, or other confidential data. The CVSS v3.1 score of 7.3 reflects the high severity of this issue. The lack of vendor response and availability of public exploits significantly increases the risk to organizations using vulnerable versions of spire-doc-mcp-server.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Spire-doc-mcp-server Path Traversal Attempt\u003c/code\u003e to your SIEM to detect exploitation attempts by monitoring web server logs for path traversal sequences.\u003c/li\u003e\n\u003cli\u003eApply input validation and sanitization to the \u003ccode\u003edocument_name\u003c/code\u003e argument in the \u003ccode\u003eget_doc_path\u003c/code\u003e function within \u003ccode\u003esrc/spire_doc_mcp/api/base.py\u003c/code\u003e to prevent path traversal.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for HTTP requests containing path traversal sequences (e.g., \u0026ldquo;..%2F\u0026rdquo;, \u0026ldquo;../\u0026rdquo;) targeting endpoints related to document retrieval.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T12:00:00Z","date_published":"2026-04-29T12:00:00Z","id":"/briefs/2026-04-spire-doc-mcp-server-path-traversal/","summary":"A path traversal vulnerability exists in eiceblue spire-doc-mcp-server version 1.0.0, allowing a remote attacker to access arbitrary files by manipulating the 'document_name' argument in the 'get_doc_path' function.","title":"eiceblue spire-doc-mcp-server Path Traversal Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-spire-doc-mcp-server-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — Eiceblue","version":"https://jsonfeed.org/version/1.1"}