CVE-2026-15751 | mastergo-design mastergo-magic-mcp up to 0.2.0 mcp__getComponentGenerator component-workflow.md execute rootPath path traversal (Issue 90)
A vulnerability was found in mastergo-design mastergo-magic-mcp up to 0.2.0. It has been rated as critical. The affected element is the function execute of the file mastergo/component-workflow.md of the component mcp__getComponentGenerator. The manipulation of the argument rootPath leads to path traversal.
This vulnerability is traded as CVE-2026-15751. An attack has to be approached locally. Furthermore, there is an exploit available.
The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More