A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element is the function update_do…

A path traversal vulnerability has been discovered in Axle-Bucamp MCP-Docusaurus affecting multiple document functions in app/routes/document.py. The vulnerability allows remote attackers to manipulate the DOCS_DIR/path argument to perform path traversal attacks. The exploit has been publicly released and can be used for attacks. The affected functions include update_document, continue_document, delete_document, and get_content. The project uses a rolling release model making specific version information unavailable. The maintainers have been notified through an issue report but have not responded yet.