CVE-2026-7594 | Flux159 mcp-game-asset-gen 0.1.0 MCP Interface src/index.ts image_to_3d_async statusFile path traversal

Inserito da Angelo Barbosa | Mag 1, 2026 | CVE

A vulnerability was found in Flux159 mcp-game-asset-gen 0.1.0 and classified as critical. Affected is the function image_to_3d_async of the file src/index.ts of the component MCP Interface. The manipulation of the argument statusFile results in path traversal.

This vulnerability is identified as CVE-2026-7594. The attack can be executed remotely. Additionally, an exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7594 | Flux159 mcp-game-asset-gen 0.1.0 MCP Interface src/index.ts image_to_3d_async statusFile path traversal

Post correlati

CVE-2024-1408 | ProfilePress Plugin up to 4.14.4 on WordPress Shortcode cross site scripting

CVE-2025-14359 | brandexponents Oshine Plugin up to 7.2.7 on WordPress filename control

CVE-2025-11801 | AudioTube Plugin up to 0.0.3 on WordPress Shortcode caption cross site scripting

CVE-2026-7016 | MaxSite CMS up to 109.3 ushki Plugin f_ushka_new/f_ushk cross site scripting