CVE-2026-7212

Summary

A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notes_mcp.py. The manipulation of the argument root_dir/path leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected Software

VendorProductVersion RangeStatus
edvardlindelofnotes-mcp0.1.0affected
edvardlindelofnotes-mcp0.1.1affected
edvardlindelofnotes-mcp0.1.2affected
edvardlindelofnotes-mcp0.1.3affected
edvardlindelofnotes-mcp0.1.4affected

Weaknesses

  • CWE-22: Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References