A vulnerability categorized as problematic has been discovered in augmnt augments-mcp-server 7.1.0. This issue affects the function scanProjectDeps of the file src/tools/v4/scan-project-deps.ts of the component scan_project_deps. Executing a manipulation of the argument packageJsonPath can lead to path traversal.

The identification of this vulnerability is CVE-2026-15526. The attack can only be executed locally. Furthermore, there is an exploit available.

The project was informed of the problem early through an issue report but has not responded yet.