A vulnerability categorized as problematic has been discovered in augmnt augments-mcp-server 7.1.0. This issue affects the function
scanProjectDeps of the file src/tools/v4/scan-project-deps.ts of the component scan_project_deps. Executing a manipulation of the argument packageJsonPath can lead to path traversal.
The identification of this vulnerability is CVE-2026-15526. The attack can only be executed locally. Furthermore, there is an exploit available.
The project was informed of the problem early through an issue report but has not responded yet.