CVE-2026-7594

Name of the Vulnerable Software and Affected Versions Flux159 mcp-game-asset-gen version 0.1.0

Description A path traversal issue exists in the MCP Interface component within the image to 3d async() function of the src/index.ts file. This flaw allows remote attackers to perform path traversal by manipulating the statusFile argument.

Recommendations As a temporary workaround, restrict the use of the image to 3d async() function or carefully validate the statusFile argument to prevent unauthorized file system access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.