CVE-2026-15138 PUBLISHED

tumf mcp-text-editor text_editor.py _validate_file_path path traversal

Assigner: VulDB
Reserved: 08.07.2026 Published: 09.07.2026 Updated: 09.07.2026

A security vulnerability has been detected in tumf mcp-text-editor up to 1.0.2. This issue affects the function _validate_file_path of the file mcp_text_editor/text_editor.py. Such manipulation of the argument file_path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor closed the GitHub issue for this vulnerability without any explanation.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
CVSS Score: 5.3

Product Status

Vendor tumf
Product mcp-text-editor
Versions
  • Version 1.0.0 is affected
  • Version 1.0.1 is affected
  • Version 1.0.2 is affected

Credits

  • geochen (VulDB User) reporter
  • VulDB CNA Team coordinator

References

Problem Types

  • Path Traversal CWE