PatchSiren

tugcantopaloglu CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW tugcantopaloglu CVE published 2026-07-13

CVE-2026-15522

A security flaw has been discovered in tugcantopaloglu godot-mcp 2.0.0. Affected by this vulnerability is the function validatePath of the file build/index.js of the component run_project. The manipulation of the argument projectPath results in path traversal. Local attack is a requirement. The vulnerability has a CVSS score of 1.9 and a severity of LOW. Upgrading to version 3.0.0 addresses this issue. Th [truncated]