A vulnerability was found in mastergo-design mastergo-magic-mcp up to 0.2.0. It has been rated as critical. The affected element is the function
execute of the file mastergo/component-workflow.md of the component mcp__getComponentGenerator. The manipulation of the argument rootPath leads to path traversal.
This vulnerability is traded as CVE-2026-15751. An attack has to be approached locally. Furthermore, there is an exploit available.
The project was informed of the problem early through an issue report but has not responded yet.