๐Ÿ” CVE Alert

CVE-2026-15526

LOW 3.3

augmnt augments-mcp-server scan_project_deps scan-project-deps.ts scanProjectDeps path traversal

CVSS Score
3.3
EPSS Score
0.1%
EPSS Percentile
4th

A flaw has been found in augmnt augments-mcp-server 7.1.0. This issue affects the function scanProjectDeps of the file src/tools/v4/scan-project-deps.ts of the component scan_project_deps. Executing a manipulation of the argument packageJsonPath can lead to path traversal. The attack can only be executed locally. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE CWE-22
Vendor augmnt
Product augments-mcp-server
Published Jul 13, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for augmnt augments-mcp-server

Be the first to know when new low vulnerabilities affecting augmnt augments-mcp-server are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

augmnt / augments-mcp-server
7.1.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/377855 vuldb.com: https://vuldb.com/vuln/377855/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15526 vuldb.com: https://vuldb.com/submit/854529 github.com: https://github.com/augmnt/augments-mcp-server/issues/8 github.com: https://github.com/augmnt/augments-mcp-server/

Credits

๐Ÿ” Mcfly_Zhang (VulDB User) VulDB CNA Team