A vulnerability was found in alioshr memory-bank-mcp up to 0.2.1/3.1. It has been declared as problematic. This affects an unknown part of the file list-project-files-validation-factory.ts. Such manipulation of the argument projectName leads to path traversal.

This vulnerability is uniquely identified as CVE-2026-15524. Local access is required to approach this attack. Moreover, an exploit is present.

The project was informed of the problem early through an issue report but has not responded yet.