Path Traversal in Ruvnet Sublinear-time-solver
CVE-2026-7645
A vulnerability was found in ruvnet sublinear-time-solver 1.5.0. Affected by this vulnerability is the function export_state of the file src/consciousness-explorer/mcp/server.js of the component MCP Interface. The manipulation results in p…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.001 (25.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L.
Affected products
- Ruvnet Sublinear-time-solver — versions 1.5.0
Weakness classification (CWE)
References
- VDB-360757 | ruvnet sublinear-time-solver MCP server.js export_state path traversal (technical-description, vdb-entry)
- VDB-360757 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
- Submit #806895 | ruvnet sublinear-time-solver / consciousness-explorer sublinear-time-solver 1.5.0, consciousness-explorer 1.1.1, commit 1210646955f33abe5c91f894cc7b04d024f62408 Path Traversal (third-party-advisory)
- cna@vuldb.com (issue-tracking, exploit)
- cna@vuldb.com (product)
Frequently asked questions
- What is CVE-2026-7645?
- CVE-2026-7645 is a medium-severity vulnerability in Ruvnet Sublinear-time-solver, classified under Path Traversal. CVSS score: 6.5/10. Published 2026-05-02.
- How severe is CVE-2026-7645?
- Medium severity. CVSS v3 base score is 6.5 out of 10.