A vulnerability, which was classified as critical, was found in tumf mcp-text-editor up to 1.0.2. This issue affects the function _validate_file_path of the file mcp_text_editor/text_editor.py. Such manipulation of the argument file_path leads to path traversal.

This vulnerability is uniquely identified as CVE-2026-15138. The attack can be launched remotely. Moreover, an exploit is present.

The vendor closed the GitHub issue for this vulnerability without any explanation.