A vulnerability was found in mastergo-design mastergo-magic-mcp up to 0.2.0. It has been declared as critical. Impacted is the function
z.string of the file src/tools/get-component-link.ts of the component mcp__getComponentLink. Executing a manipulation of the argument url can lead to server-side request forgery.
This vulnerability appears as CVE-2026-15750. The attack may be performed from remote. In addition, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.