Skip to main content

Augments Mcp Server

1 CVEs product

Monthly

CVE-2026-15526 LOW POC Monitor

Path traversal in augmnt augments-mcp-server 7.1.0 allows a local low-privileged attacker to read arbitrary files outside the intended project directory by manipulating the packageJsonPath argument passed to the scanProjectDeps function. The vulnerability is limited to confidentiality impact (VC:L) with no integrity or availability effect, and a proof-of-concept has been publicly disclosed via a GitHub issue. The vendor has not responded to the responsible disclosure report, meaning no patch is currently available.

Path Traversal Augments Mcp Server
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
EPSS 0% CVSS 1.9
LOW POC Monitor

Path traversal in augmnt augments-mcp-server 7.1.0 allows a local low-privileged attacker to read arbitrary files outside the intended project directory by manipulating the packageJsonPath argument passed to the scanProjectDeps function. The vulnerability is limited to confidentiality impact (VC:L) with no integrity or availability effect, and a proof-of-concept has been publicly disclosed via a GitHub issue. The vendor has not responded to the responsible disclosure report, meaning no patch is currently available.

Path Traversal Augments Mcp Server
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy