A vulnerability was found in mastergo-design mastergo-magic-mcp up to 0.2.0. It has been classified as critical. This issue affects the function
execute of the file src/tools/get-c2d.ts of the component mcp__C2d. Performing a manipulation of the argument filePath results in path traversal.
This vulnerability is reported as CVE-2026-15749. The attack requires a local approach. Moreover, an exploit is present.
The project was informed of the problem early through an issue report but has not responded yet.