Deepractice PromptX Document File index.ts read_pdf absolute path traversal

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads to absolute path traversal. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-7217

Source VulDB

Published Apr 28, 2026 at 02:30

Affected Product

Vendor Deepractice

Product PromptX

Version 2.0

Affected Versions Deepractice PromptX 2.0
Deepractice PromptX 2.1
Deepractice PromptX 2.2
Deepractice PromptX 2.3
Deepractice PromptX 2.4.0

CWE Classification

CWE-36 CWE-22

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads to absolute path traversal. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-04-28T02:30:15.100Z",
    "modified": "2026-04-28T02:30:15.100Z",
    "type": "cve",
    "title": "Deepractice PromptX Document File index.ts read_pdf absolute path traversal",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/359817\nhttps://vuldb.com/vuln/359817/cti\nhttps://vuldb.com/submit/802120\nhttps://github.com/Deepractice/PromptX/issues/571\nhttps://github.com/Deepractice/PromptX/",
    "id": "CVE-2026-7217",
    "bulletinFamily": "",
    "cwe": [
        "CWE-36",
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Deepractice PromptX 2.0\nDeepractice PromptX 2.1\nDeepractice PromptX 2.2\nDeepractice PromptX 2.3\nDeepractice PromptX 2.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PromptX",
    "version": "2.0",
    "vendor": "Deepractice",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Deepractice PromptX Document File index.ts read_pdf absolute path traversal_CVE-2026-7217