A path traversal vulnerability (CVE-2026-7788) has been discovered in Axle-Bucamp MCP-Docusaurus affecting document management functions in app/routes/document.py. The vulnerability allows remote attackers to manipulate the DOCS_DIR/path argument to perform path traversal attacks. Multiple functions are affected including update_document, continue_document, delete_document, and get_content. The exploit has been publicly released and can be used for active attacks. The project maintainers have been notified through an issue report but have not yet responded. Due to the rolling release model, specific version information is not available.