13 matches found
EUVD-2026-28473
A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument manifest.name causes path traversal. The attack may be initiated remotely. The exploit has been mad...
CVE-2026-8116
A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument manifest.name causes path traversal. The attack may be initiated remotely. The exploit has been mad...
xiaozhi-mcphub 路径遍历漏洞
xiaozhi-mcphub is an MCP tool bridge and multi-endpoint management tool adapted to Xiaozhi AI platform by Junsen Huang's personal developer. A path traversal vulnerability exists in xiaozhi-mcphub 1.0.3 and earlier versions, which originates from the operation of the parameter manifest.name in th...
CVE-2026-8116
CVE-2026-8116 affects the project “huangjunsen0406 xiaozhi-mcphub” up to version 1.0.3. The vulnerability is in the file src/controllers/dxtController.ts, where manipulation of the argument manifest.name enables path traversal. The attack could be initiated remotely, and the exploit has been publ...
CVE-2026-8116 huangjunsen0406 xiaozhi-mcphub dxtController.ts path traversal
A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument manifest.name causes path traversal. The attack may be initiated remotely. The exploit has been mad...
CVE-2026-8116
A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument manifest.name causes path traversal. The attack may be initiated remotely. The exploit has been mad...
PT-2026-38601
Name of the Vulnerable Software and Affected Versions huangjunsen0406 xiaozhi-mcphub versions prior to 1.0.4 Description A path traversal issue exists in the src/controllers/dxtController.ts file. A remote attacker can exploit this by manipulating the manifest.name argument, allowing unauthorized...
Directory Traversal
Overview @samanhappy/mcphub is an A hub server for mcp servers Affected versions of this package are vulnerable to Directory Traversal in the uploadMcpbFile process when the name field from the uploaded manifest.json is concatenated directly into file system paths without sanitization or...
GHSA-P3H2-2J4P-P83G MCPHub has Path Traversal via Malicious MCPB Manifest Name
MCPB File Upload Handler extracts a ZIP file and reads manifest.json from it. The name field in the manifest is directly concatenated into a file path line 107 without any sanitization or path traversal character validation. An attacker can craft a malicious MCPB file where manifest.name is set t...
MCPHub has Path Traversal via Malicious MCPB Manifest Name
MCPB File Upload Handler extracts a ZIP file and reads manifest.json from it. The name field in the manifest is directly concatenated into a file path line 107 without any sanitization or path traversal character validation. An attacker can craft a malicious MCPB file where manifest.name is set t...
GHSA-R9X3-WX45-2V7F PraisonAI recipe registry publish path traversal allows out-of-root file write
Summary PraisonAI's recipe registry publish endpoint writes uploaded recipe bundles to a filesystem path derived from the bundle's internal manifest.json before it verifies that the manifest name and version match the HTTP route. A malicious publisher can place ../ traversal sequences in the bund...
PraisonAI recipe registry publish path traversal allows out-of-root file write
Summary PraisonAI's recipe registry publish endpoint writes uploaded recipe bundles to a filesystem path derived from the bundle's internal manifest.json before it verifies that the manifest name and version match the HTTP route. A malicious publisher can place ../ traversal sequences in the bund...
PT-2026-30767
Summary PraisonAI's recipe registry publish endpoint writes uploaded recipe bundles to a filesystem path derived from the bundle's internal manifest.json before it verifies that the manifest name and version match the HTTP route. A malicious publisher can place ../ traversal sequences in the bund...