CVE-2026-7599
The vulnerability affects Dayoooun hwpx-mcp 0.2.0, specifically the MCP Interface. It targets the mcp-server/src/index.ts functions save_document, export_to_text, and export_to_html, enabling path traversal via manipulation of the argument output_path. This allows remote exploitation, and the exp...