LOW
tugcantopaloglu
CVE published 2026-07-13
CVE-2026-15522
A security flaw has been discovered in tugcantopaloglu godot-mcp 2.0.0. Affected by this vulnerability is the function validatePath of the file build/index.js of the component run_project. The manipulation of the argument projectPath results in path traversal. Local attack is a requirement. The vulnerability has a CVSS score of 1.9 and a severity of LOW. Upgrading to version 3.0.0 addresses this issue. Th [truncated]