CVE-2026-49988

CVE-2026-49988

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, the Repomix MCP server attach_packed_output and read_repomix_output flow can register and read arbitrary local .json, .txt, .md, or .xml files without the f…

Vulnerability class: Information Disclosure

Weakness classification (CWE)

References