A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function get_doc_path of the file src/spire_doc_mcp/api/base.py. Performin…

A path traversal vulnerability (CVE-2026-7314) was discovered in eiceblue spire-doc-mcp-server version 1.0.0. The vulnerability affects the get_doc_path function in src/spire_doc_mcp/api/base.py file. Attackers can manipulate the document_name argument to achieve path traversal. The attack can be initiated remotely and the exploit is publicly available. The project maintainer was notified through an issue report but has not responded. This represents a high-risk vulnerability due to remote exploitability and public exploit availability.