Absolute Path Traversal Vulnerability in Deepractice PromptX Document File Handler
CVE-2026-7217

6.9MEDIUM

Key Information:

Vendor

Deepractice

Status
Promptx
Vendor
CVE Published:
28 April 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2026-7217?

A security flaw has been identified in Deepractice PromptX, affecting versions up to 2.4.0. The issue lies within the Document File Handler's functions responsible for reading various file formats, including DOCX, XLSX, PPTX, and PDF. This vulnerability allows for absolute path traversal due to improper arguments passed to the file path manipulations. Attackers can exploit this remotely, potentially gaining unauthorized access to sensitive files on the server. Despite an early warning through an issue report, the vendor has yet to address the matter. For detailed information, visit the issue tracking on GitHub and databases documenting this vulnerability.

Affected Version(s)

PromptX 2.0

PromptX 2.1

PromptX 2.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-7217 - Proof of Concept

References

https://vuldb.com/vuln/359817
vdb-entrytechnical-description
https://vuldb.com/vuln/359817/cti
signaturepermissions-required
https://vuldb.com/submit/802120
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

BruceJin (VulDB User)
VulDB CNA Team
.