CVE-2026-15526
augmnt augments-mcp-server scan_project_deps scan-project-deps.ts scanProjectDeps path traversal
CVSS Score
3.3
EPSS Score
0.1%
EPSS Percentile
4th
A flaw has been found in augmnt augments-mcp-server 7.1.0. This issue affects the function scanProjectDeps of the file src/tools/v4/scan-project-deps.ts of the component scan_project_deps. Executing a manipulation of the argument packageJsonPath can lead to path traversal. The attack can only be executed locally. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
| CWE | CWE-22 |
| Vendor | augmnt |
| Product | augments-mcp-server |
| Published | Jul 13, 2026 |
| Last Updated | Jul 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for augmnt augments-mcp-server
Be the first to know when new low vulnerabilities affecting augmnt augments-mcp-server are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
augmnt / augments-mcp-server
7.1.0
References
vuldb.com: https://vuldb.com/vuln/377855 vuldb.com: https://vuldb.com/vuln/377855/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15526 vuldb.com: https://vuldb.com/submit/854529 github.com: https://github.com/augmnt/augments-mcp-server/issues/8 github.com: https://github.com/augmnt/augments-mcp-server/
Credits
๐ Mcfly_Zhang (VulDB User) VulDB CNA Team