CVE-2026-7217

MEDIUM 5.3

Deepractice PromptX Document File index.ts read_pdf absolute path traversal

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts of the component Document File Handler. Such manipulation of the argument path leads to absolute path traversal. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-36 CWE-22
Vendor	deepractice
Product	promptx
Published	Apr 28, 2026

Stay Ahead of the Next One

Get instant alerts for deepractice promptx

Be the first to know when new medium vulnerabilities affecting deepractice promptx are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Deepractice / PromptX

2.0 2.1 2.2 2.3 2.4.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/359817 vuldb.com: https://vuldb.com/vuln/359817/cti vuldb.com: https://vuldb.com/submit/802120 github.com: https://github.com/Deepractice/PromptX/issues/571 github.com: https://github.com/Deepractice/PromptX/

Credits

🔍 BruceJin (VulDB User) VulDB CNA Team