huangjunsen0406 xiaozhi-mcphub dxtController.ts path traversal_CVE-2026-8116

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument manifest.name causes path traversal. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-8116

Source VulDB

Published May 7, 2026 at 23:30

Affected Product

Vendor huangjunsen0406

Product xiaozhi-mcphub

Version 1.0.0

Affected Versions huangjunsen0406 xiaozhi-mcphub 1.0.0
huangjunsen0406 xiaozhi-mcphub 1.0.1
huangjunsen0406 xiaozhi-mcphub 1.0.2
huangjunsen0406 xiaozhi-mcphub 1.0.3

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument manifest.name causes path traversal. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-05-07T23:30:11.843Z",
    "modified": "2026-05-07T23:30:11.843Z",
    "type": "cve",
    "title": "huangjunsen0406 xiaozhi-mcphub dxtController.ts path traversal",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/361904\nhttps://vuldb.com/vuln/361904/cti\nhttps://vuldb.com/submit/808260\nhttps://github.com/huangjunsen0406/xiaozhi-mcphub/issues/29\nhttps://github.com/huangjunsen0406/xiaozhi-mcphub/",
    "id": "CVE-2026-8116",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "huangjunsen0406 xiaozhi-mcphub 1.0.0\nhuangjunsen0406 xiaozhi-mcphub 1.0.1\nhuangjunsen0406 xiaozhi-mcphub 1.0.2\nhuangjunsen0406 xiaozhi-mcphub 1.0.3",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "xiaozhi-mcphub",
    "version": "1.0.0",
    "vendor": "huangjunsen0406",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}