CVE-2026-7788 POC (Proof-of-Concept)

A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function update_document/continue_document/delete_document/get_content of the file app/routes/document.py. Performing a manipulation of the argument DOCS_DIR/path results in path traversal. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.

Published: 2026-05-05

CVSS: 7.5

CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Download CVE-2026-7788 POC (Proof-of-Concept) here:

http://zeroday6mns52t72y3rsle7f72wca5uwn2xzktdysf72flozx7sv4mqd.onion/exploit-for-cve-2026-7788.736/

Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.

https://hokyo.gr/poc-732-cve-2026-5786/

https://hokyo.gr/poc-622-cve-2026-8000/

https://hokyo.gr/poc-848-cve-2026-41496/