Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 14 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A weakness has been identified in mastergo-design mastergo-magic-mcp up to 0.2.0. Impacted is the function z.string of the file src/tools/get-component-link.ts of the component mcp__getComponentLink. Executing a manipulation of the argument url can lead to server-side request forgery. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | |
| Title | mastergo-design mastergo-magic-mcp mcp__getComponentLink get-component-link.ts z.string server-side request forgery | |
| First Time appeared |
Mastergo-design
Mastergo-design mastergo-magic-mcp |
|
| Weaknesses | CWE-918 | |
| CPEs | cpe:2.3:a:mastergo-design:mastergo-magic-mcp:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Mastergo-design
Mastergo-design mastergo-magic-mcp |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-14T21:30:08.566Z
Reserved: 2026-07-14T15:39:47.644Z
Link: CVE-2026-15750
No data.
No data.
No data.
OpenCVE Enrichment
No data.