Path Traversal Vulnerability in Mastergo Design's Magic MCP Tool
CVE-2026-15749
Key Information:
- Vendor
Mastergo-design
- Status
- Vendor
- CVE Published:
- 14 July 2026
Badges
What is CVE-2026-15749?
A security flaw has been identified in the Magic MCP tool by Mastergo Design, specifically affecting version 0.2.0. The vulnerability arises from improper handling of the argument 'filePath' in the 'execute' function of the 'src/tools/get-c2d.ts' file, allowing for path traversal attacks. This could enable an attacker to manipulate file paths and potentially access sensitive data on the system. The exploit has been made public, and the Mastergo Design team has been informed about the issue but has yet to respond to remedy the situation.
Affected Version(s)
mastergo-magic-mcp 0.1
mastergo-magic-mcp 0.2.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
