CVE-2026-10278
6.3 MEDIUMA vulnerability was determined in ishayoyo excel-mcp up to 1.0.2
Published: 2026-06-01 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 6.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- CWE
- CWE-22
Description
A vulnerability was determined in ishayoyo excel-mcp up to 1.0.2. Impacted is an unknown function of the file src/index.ts of the component read_file/write_file. Executing a manipulation of the argument filePath/outputPath can lead to path traversal. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10278
- [Other]https://github.com/ishayoyo/excel-mcp/
- [Other]https://github.com/ishayoyo/excel-mcp/issues/6
- [Other]https://vuldb.com/cve/CVE-2026-10278
- [Other]https://vuldb.com/submit/825418
- [Other]https://vuldb.com/vuln/367571
- [Other]https://vuldb.com/vuln/367571/cti
Related CVEs
Same CWE
- CVE-2026-12211 — A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26 (2.7 LOW)
- CVE-2026-12198 — A weakness has been identified in Microweber up to 2.0.20 (7.3 HIGH)
- CVE-2026-12089 — The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, an... (4.9 MEDIUM)
- CVE-2026-11442 — Allegra exportReport Directory Traversal Information Disclosure Vulnerability (6.5 MEDIUM)
- CVE-2026-53825 — OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gatewa... (6.5 MEDIUM)