A path traversal vulnerability was identified in duartium papers-mcp-server affecting the search_papers function in src/main.py. The vulnerability allows remote attackers to manipulate the topic argument to perform path traversal attacks. An exploit is publicly available and the attack can be launched remotely. The project maintainers were notified through an issue report but have not responded yet. This represents an actively exploitable vulnerability with public proof-of-concept code available.