CVE-2026-15526
Received Received - Intake

Path Traversal in augmnt augments-mcp-server

Vulnerability report for CVE-2026-15526, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: VulDB

Description

A flaw has been found in augmnt augments-mcp-server 7.1.0. This issue affects the function scanProjectDeps of the file src/tools/v4/scan-project-deps.ts of the component scan_project_deps. Executing a manipulation of the argument packageJsonPath can lead to path traversal. The attack can only be executed locally. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
augmnt augments-mcp-server 7.1.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the augmnt augments-mcp-server version 7.1.0, specifically in the scanProjectDeps function of the scan_project_deps component. It arises because the argument packageJsonPath is not properly validated or sanitized before being used to read files. This allows an attacker with local access to manipulate the path to perform a path traversal attack.

By exploiting this flaw, an attacker can cause the server to read arbitrary files on the host system, including files outside the intended project directory. This is possible because the packageJsonPath is passed directly to the file reading function without any checks to confine it to a safe directory or to prevent traversal sequences like '../'.

As a result, sensitive files such as configuration files or credentials can be read. Additionally, error messages may leak partial file contents, and dependency names extracted from JSON files may be sent to external servers, potentially leaking sensitive information.

Impact Analysis

This vulnerability can impact you by allowing a local attacker to read arbitrary files on the system where the augments-mcp-server is running. This can lead to exposure of sensitive information such as credentials, configuration details, or other private data stored in files accessible to the server process.

Moreover, the vulnerability can cause leakage of partial file contents through error messages, which can be used to confirm the existence of files or gain fragments of sensitive data.

There is also a risk that dependency names extracted from the read JSON files are sent to external services (like registry.npmjs.org), which could inadvertently leak sensitive keys or information.

Detection Guidance

This vulnerability can be detected by attempting to exploit the path traversal flaw in the scanProjectDeps function by manipulating the packageJsonPath argument to access files outside the intended directory.

Since the vulnerability allows reading arbitrary files via path traversal sequences like '../', you can test by sending requests or commands that specify paths to sensitive files (e.g., /etc/passwd or other configuration files) through the vulnerable interface.

Because the attack is local and involves the augments-mcp-server's scan_project_deps tool, detection can involve monitoring for unusual or unauthorized local calls to scanProjectDeps with suspicious packageJsonPath arguments containing traversal sequences.

No explicit commands are provided in the resources, but a general approach would be to run local scripts or commands that invoke the scanProjectDeps function with crafted packageJsonPath values containing '../' sequences to check if files outside the project directory can be read.

Mitigation Strategies

Immediate mitigation steps include restricting local access to the augments-mcp-server, especially to the scan_project_deps tool, to trusted users only, since the exploit requires local execution.

Avoid running the vulnerable version 7.1.0 of augments-mcp-server or disable the scanProjectDeps functionality until a patch or fix is available.

Implement input validation and sanitization on the packageJsonPath argument to prevent path traversal by ensuring paths are resolved relative to a defined project root and only allow access to legitimate package.json files.

Sanitize error messages to avoid leaking file content through SyntaxError messages.

Compliance Impact

The vulnerability allows local attackers to perform path traversal and read arbitrary files on the host system, including sensitive data such as credentials or configuration details contained in JSON files. This unauthorized access and potential data leakage could lead to violations of data protection regulations like GDPR or HIPAA, which require strict controls over access to personal and sensitive information.

Additionally, the leakage of sensitive keys to external services (e.g., registry.npmjs.org) through dependency name extraction could further compromise data confidentiality and integrity, impacting compliance with these standards.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15526. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart