๐Ÿ” CVE Alert

CVE-2026-15138

MEDIUM 6.3

tumf mcp-text-editor text_editor.py _validate_file_path path traversal

CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th

A security vulnerability has been detected in tumf mcp-text-editor up to 1.0.2. This issue affects the function _validate_file_path of the file mcp_text_editor/text_editor.py. Such manipulation of the argument file_path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor closed the GitHub issue for this vulnerability without any explanation.

CWE CWE-22
Vendor tumf
Product mcp-text-editor
Published Jul 9, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for tumf mcp-text-editor

Be the first to know when new medium vulnerabilities affecting tumf mcp-text-editor are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

tumf / mcp-text-editor
1.0.0 1.0.1 1.0.2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/376953 vuldb.com: https://vuldb.com/vuln/376953/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15138 vuldb.com: https://vuldb.com/submit/851188 github.com: https://github.com/tumf/mcp-text-editor/issues/22 github.com: https://github.com/tumf/mcp-text-editor/

Credits

๐Ÿ” geochen (VulDB User) VulDB CNA Team