Path Traversal Flaw in UsamaK98 Python Notebook MCP
CVE-2026-7810

6.9MEDIUM

Key Information:

Vendor: Usamak98
Status: Python-notebook-mcp
Vendor: CVE Published:; 5 May 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-7810?

A path traversal vulnerability has been identified in UsamaK98's python-notebook-mcp, affecting the create_notebook, read_notebook, edit_cell, and add_cell functions within server.py. This flaw allows attackers to navigate the file system and access unauthorized files remotely, which may lead to sensitive data exposure. The project maintains a rolling release model, hence specific version information for affected and repaired releases remains unavailable. Despite having been alerted to this issue through a submitted report, no response has been issued by the developers as of yet.

Affected Version(s)

python-notebook-mcp a05a232815809a7e425b5fa7be26e0d4369894c2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-7810 - Proof of Concept

References

https://vuldb.com/vuln/361070

vdb-entrytechnical-description

https://vuldb.com/vuln/361070/cti

signaturepermissions-required

https://vuldb.com/submit/807748

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 5, 2026
👾
Exploit known to exist
May 5, 2026
Vulnerability published
May 5, 2026
Vulnerability Reserved
May 4, 2026

Credit

CPT_Penner (VulDB User)

VulDB CNA Team

CVE-2026-7810 Data

JSON

Usamak98