Skip to main content

Mcp Game Asset Gen

1 CVEs product

Monthly

CVE-2026-7594 MEDIUM POC This Month

Path traversal in Flux159 mcp-game-asset-gen 0.1.0 allows remote unauthenticated attackers to read, write, and potentially delete arbitrary files via manipulation of the statusFile parameter in the image_to_3d_async function. The vulnerability is confirmed actively exploited with publicly available exploit code (GitHub issue #3). CVSS 7.3 reflects network-accessible attack with low confidentiality, integrity, and availability impact. Despite early responsible disclosure via issue report, the maintainer has not responded, leaving the open-source project unpatched.

Path Traversal Mcp Game Asset Gen
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Path traversal in Flux159 mcp-game-asset-gen 0.1.0 allows remote unauthenticated attackers to read, write, and potentially delete arbitrary files via manipulation of the statusFile parameter in the image_to_3d_async function. The vulnerability is confirmed actively exploited with publicly available exploit code (GitHub issue #3). CVSS 7.3 reflects network-accessible attack with low confidentiality, integrity, and availability impact. Despite early responsible disclosure via issue report, the maintainer has not responded, leaving the open-source project unpatched.

Path Traversal Mcp Game Asset Gen
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy