What is CVE-2026-7627?

A low-severity path traversal vulnerability in 8nite Metatrader-4-MCP (version 1.0.0) can be exploited remotely. Organizations should prioritize remediation efforts to mitigate potential risks.

What is the severity of CVE-2026-7627?

CVE-2026-7627 has a severity rating of LOW with a CVSS base score of 2.1.

CVE-2026-7627 | Low Vulnerability in 8nite Metatrader-4-MCP

A security vulnerability has been detected in 8nite Metatrader-4-MCP 1.0.0. This vulnerability affects the function CallToolRequestSchema of the file src/index.ts of the component sync_ea_from_file. Such manipulation of the argument ea_name leads to path traversal. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

The severity level of this vulnerability is classified as low, with a CVSS score of 2.1. Despite this low score, organizations must be cautious as the potential for exploitation exists. The low severity does not diminish the need for organizations to assess the impact and take appropriate steps to mitigate risks.

Risk to organizations includes unauthorized access to sensitive files and potential data exposure, which can lead to further exploitation. As the vulnerability allows remote attacks, it is essential for organizations to implement necessary security measures promptly.

Organizations should prioritize patching immediately. Failure to address this vulnerability may result in severe consequences for the security of the affected systems.

Vulnerability Details

The vulnerability allows for path traversal, which can be exploited by manipulating the input parameters. The CVSS score of 2.1 indicates a low severity level, suggesting that while the vulnerability exists, the immediate impact may be limited without further exploits.

The affected product, 8nite Metatrader-4-MCP, is a trading platform. The vulnerability was published on May 2, 2026, and is classified under CWE-22.

Technical Analysis

The root cause of this vulnerability is related to the improper validation of user input. Attackers may leverage this vulnerability to gain unauthorized access to files by manipulating the path provided in the request.

The attack vector is through the network, and the complexity of the attack is low. Only low privileges are required to execute the attack, and no user interaction is necessary. The confidentiality, integrity, and availability impacts are all classified as low.

Risk & Impact Analysis

Organizations using 8nite Metatrader-4-MCP should recognize the potential risks associated with this vulnerability. The path traversal could allow unauthorized access to sensitive files, which may lead to data breaches or further exploitation of the system.

The blast radius could be significant if the vulnerability is exploited, especially in environments relying heavily on the integrity of the trading platform. Given the low CVSS score, organizations may consider this as part of their routine maintenance but should remain vigilant.

Due to the proof-of-concept exploit available, organizations should schedule remediation as part of their priority patch cycle.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions prior to vendor patch are affected. The specific impacted version is 8nite Metatrader-4-MCP 1.0.0.

Mitigation & Remediation

Organizations should apply available patches or updates to remediate this vulnerability. If a patch is unavailable, as a workaround, organizations should implement additional input validation and restrict the use of path traversal techniques in their applications.

For further assistance on security testing, organizations can consult sources on penetration testing best practices.

Detection Guidance

To detect potential exploitation of this vulnerability, organizations should monitor logs for unusual file access patterns and any unauthorized attempts to manipulate the application's parameters.

Additionally, organizations should look for behavioral anomalies that suggest path traversal attempts and implement network signatures that can alert on such activities.

AppSecure Threat Intelligence Insight

Long-term significance of this vulnerability lies in its potential use as a vector for more severe attacks if left unaddressed. Security teams should consider this vulnerability as part of a broader strategy to enhance their defensive posture.

Patterns of exploitation for similar vulnerabilities demonstrate attackers often leverage low-severity issues to gain footholds within systems. Organizations should be proactive in identifying and mitigating such risks.

For a comprehensive approach to security, consider reviewing the latest resources on penetration testing methodology and the importance of a robust vulnerability management program in mitigating similar threats.

Maintaining awareness of threat trends and adapting security measures accordingly is critical for organizational resilience against evolving attack strategies.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-7627: Low Vulnerability in 8nite Metatrader-4-MCP