A vulnerability marked as critical has been reported in c-rick jimeng-mcp 1.10.0 . Affected by this vulnerability is the function getFileContent/uploadCoverFile/generateImage/generateVideo of the file src/api.ts . The manipulation of the argument filePath leads to path traversal. This vulnerability is listed as CVE-2026-9473 . The attack may be initiated remotely. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet