A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notes_mcp.py. The manipulation …

A path traversal vulnerability (CVE-2026-7212) has been discovered in edvardlindelof notes-mcp versions up to 0.1.4. The vulnerability affects an unknown function in the notes_mcp.py file through manipulation of the root_dir/path argument. The attack can be executed remotely and the exploit has been publicly disclosed. The vulnerability allows attackers to traverse file system paths outside intended directories. The project maintainer was notified through an issue report but has not responded yet.