CVE-2026-15138
tumf mcp-text-editor text_editor.py _validate_file_path path traversal
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A security vulnerability has been detected in tumf mcp-text-editor up to 1.0.2. This issue affects the function _validate_file_path of the file mcp_text_editor/text_editor.py. Such manipulation of the argument file_path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor closed the GitHub issue for this vulnerability without any explanation.
| CWE | CWE-22 |
| Vendor | tumf |
| Product | mcp-text-editor |
| Published | Jul 9, 2026 |
| Last Updated | Jul 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for tumf mcp-text-editor
Be the first to know when new medium vulnerabilities affecting tumf mcp-text-editor are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
tumf / mcp-text-editor
1.0.0 1.0.1 1.0.2
References
Credits
๐ geochen (VulDB User) VulDB CNA Team