Skip to main content

Memory Bank Mcp

1 CVEs product

Monthly

CVE-2026-15524 LOW POC Monitor

Path traversal in alioshr memory-bank-mcp through versions 0.2.1 and 3.1 allows a local low-privileged user to read files outside the intended project directory boundary by supplying traversal sequences in the `projectName` argument processed by `list-project-files-validation-factory.ts`. A public proof-of-concept has been disclosed via GitHub issue #36, and no patch is available as the vendor has not yet responded to the coordinated disclosure. No confirmed active exploitation has been identified (not listed in CISA KEV), though the public exploit lowers the barrier for opportunistic local abuse.

Path Traversal Memory Bank Mcp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
EPSS 0% CVSS 1.9
LOW POC Monitor

Path traversal in alioshr memory-bank-mcp through versions 0.2.1 and 3.1 allows a local low-privileged user to read files outside the intended project directory boundary by supplying traversal sequences in the `projectName` argument processed by `list-project-files-validation-factory.ts`. A public proof-of-concept has been disclosed via GitHub issue #36, and no patch is available as the vendor has not yet responded to the coordinated disclosure. No confirmed active exploitation has been identified (not listed in CISA KEV), though the public exploit lowers the barrier for opportunistic local abuse.

Path Traversal Memory Bank Mcp
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy