ruvnet sublinear-time-solver MCP server.js export_state path traversal_CVE-2026-7645

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function export_state of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-7645

Source VulDB

Published May 2, 2026 at 15:15

Affected Product

Vendor ruvnet

Product sublinear-time-solver

Version 1.5.0

Affected Versions ruvnet sublinear-time-solver 1.5.0

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function export_state of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in path traversal. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-05-02T15:15:12.031Z",
    "modified": "2026-05-02T15:15:12.031Z",
    "type": "cve",
    "title": "ruvnet sublinear-time-solver MCP server.js export_state path traversal",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360757\nhttps://vuldb.com/vuln/360757/cti\nhttps://vuldb.com/submit/806895\nhttps://github.com/ruvnet/sublinear-time-solver/issues/19\nhttps://github.com/ruvnet/sublinear-time-solver/",
    "id": "CVE-2026-7645",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "ruvnet sublinear-time-solver 1.5.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "sublinear-time-solver",
    "version": "1.5.0",
    "vendor": "ruvnet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}