CVE-2026-7588 MEDIUM

CVE-2026-7588: ggerve coding-standards-mcp server.py get_best_practices path traversal

Vendor Ggerve
Product coding-standards-mcp
Weakness CWE-22 · Path traversal
Published May 1, 2026
Last update May 1, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was found in ggerve coding-standards-mcp. This issue affects the function get_style_guide/get_best_practices of the file server.py. The manipulation of the argument Language results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

Key dates

02Disclosure timeline

May 1, 2026 CVE published
May 1, 2026 Record updated