CVE-2026-7217 in PromptXinfo

Zusammenfassung

von MITRE • 28.04.2026

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads to absolute path traversal. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulDB

Veröffentlichung

28.04.2026

Moderieren

akzeptiert

Eintrag

VDB-359817

CPE

bereit

CWE

CWE-36 (bestätigt)

Exploit

Download

CVSS

5.3 (VulDB)

EPSS

0.00062

KEV

nein

Aktivitäten

low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-7217
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-7217
CVE Details	https://www.cvedetails.com/cve/CVE-2026-7217/

◂ Zurück Übersicht Weiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!