A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function update_do…

A path traversal vulnerability (CVE-2026-7788) has been discovered in Axle-Bucamp MCP-Docusaurus affecting document management functions in app/routes/document.py. The vulnerability allows remote attackers to manipulate the DOCS_DIR/path argument to perform path traversal attacks. Multiple functions are affected including update_document, continue_document, delete_document, and get_content. The exploit has been publicly released and can be used for active attacks. The project maintainers have been notified through an issue report but have not yet responded. Due to the rolling release model, specific version information is not available.