CVE-2026-15526

Source
https://cve.org/CVERecord?id=CVE-2026-15526
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-15526.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-15526
Published
2026-07-13T02:45:08.736Z
Modified
2026-07-15T01:49:13.294669751Z
Severity
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
augmnt augments-mcp-server scan_project_deps scan-project-deps.ts scanProjectDeps path traversal
Details

A flaw has been found in augmnt augments-mcp-server 7.1.0. This issue affects the function scanProjectDeps of the file src/tools/v4/scan-project-deps.ts of the component scanprojectdeps. Executing a manipulation of the argument packageJsonPath can lead to path traversal. The attack can only be executed locally. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Database specific
{
    "cna_assigner": "VulDB",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/15xxx/CVE-2026-15526.json",
    "cwe_ids": [
        "CWE-22"
    ]
}
References

Affected packages

Git / github.com/augmnt/augments-mcp-server

Affected ranges

Type
GIT
Repo
https://github.com/augmnt/augments-mcp-server
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "7.1.0"
        },
        {
            "last_affected": "7.1.0"
        }
    ]
}

Affected versions

7.*
7.1.0
v7.*
v7.1.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-15526.json"