CVE-2026-15750 | mastergo-design mastergo-magic-mcp up to 0.2.0 mcp__getComponentLink get-component-link.ts z.string url server-side request forgery (Issue 89)

SecurityVulns

A vulnerability was found in mastergo-design mastergo-magic-mcp up to 0.2.0. It has been declared as critical. Impacted is the function z.string of the file src/tools/get-component-link.ts of the component mcp__getComponentLink. Executing a manipulation of the argument url can lead to server-side request forgery.

This vulnerability appears as CVE-2026-15750. The attack may be performed from remote. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More