2887 matches found
CVE-2026-15415 Path traversal and arbitrary file write in the workflow linters of aws-healthomics-mcp-server
AWS HealthOmics is a HIPAA-eligible service that fully manages the compute, storage, and workflow engine infrastructure required to run bioinformatics analyses at scale for clinical diagnostics, drug discovery, and agricultural research. Improper limitation of a pathname to a restricted directory...
CVE-2026-7755 MCP Server Configuration Validator Bypass via File Upload API
IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow remote code execution due to incomplete validation enforcement on MCP server configuration files...
CVE-2026-7755
The IBM Security Bulletin confirms CVE-2026-7755 affects Langflow OSS versions 1.0.0–1.10.0, where the File Manager API may bypass MCP server configuration validation during file uploads. A maliciously crafted MCP configuration file (e.g., mcp_servers .json) could be uploaded via upload_user_file...
CVE-2026-58195
Agentic-Flow is an AI agent orchestration platform. Prior to 2.0.14, agentic-flow MCP server tools in src/mcp/standalone-stdio.ts, src/mcp/fastmcp/servers/claude-flow-sdk.ts, src/mcp/fastmcp/servers/stdio-full.ts, src/mcp/fastmcp/servers/http-streaming-updated.ts,...
meta-ads-mcp: X-Pipeboard-Token Header Auth Bypass Reuses Operator Meta Token
X-Pipeboard-Token Header Auth Bypass Reuses Operator Meta Token Summary AuthInjectionMiddleware in meta-ads-mcp rejects HTTP MCP requests only when both authtoken and pipeboardtoken are absent. Because extracttokenfromheaders does not recognise the X-Pipeboard-Token header, an attacker who sends...
CVE-2026-58195 Agentic-Flow: OS Command Injection in agentic-flow MCP server tools via unsanitized tool-parameter interpolation into execSync
Agentic-Flow is an AI agent orchestration platform. Prior to 2.0.14, agentic-flow MCP server tools in src/mcp/standalone-stdio.ts, src/mcp/fastmcp/servers/claude-flow-sdk.ts, src/mcp/fastmcp/servers/stdio-full.ts, src/mcp/fastmcp/servers/http-streaming-updated.ts,...
CVE-2026-58195
Agentic-Flow (MCP server tools) prior to version 2.0.14 is vulnerable to OS command injection. In affected code paths, tool parameters such as agent, task, name, language, and agentdb could be interpolated directly into shell command strings passed to execSync(), enabling arbitrary command execut...
CVE-2026-57860 ForgeCode Arbitrary Code Execution via Unvetted .mcp.json in Untrusted Repository
ForgeCode tailcallhq/forgecode, an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and...
CVE-2026-57860 ForgeCode Arbitrary Code Execution via Unvetted .mcp.json in Untrusted Repository
ForgeCode tailcallhq/forgecode, an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and...
CVE-2026-57860
Technical details about CVE-2026-57860 are not publicly available in the provided documents. Monitor for updates.
EUVD-2026-45217
ForgeCode tailcallhq/forgecode, an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and...
mcp-atlassian < 0.17.0 - Server-Side Request Forgery
MCP Atlassian 0.17.0 contains a server-side request forgery caused by improper validation of custom HTTP headers in the HTTP middleware, letting unauthenticated attackers force outbound requests to arbitrary URLs, exploit requires access to the mcp-atlassian HTTP endpoint. id: CVE-2026-27826 info...
9Router <= 0.4.36 - Unauthenticated RCE
9Router = 0.4.36 middleware only guards 8 explicitly listed routes, leaving /api/cli-tools/ and /api/mcp/ entirely unauthenticated. An attacker can POST to /api/cli-tools/cowork-settings to register a custom MCP plugin with attacker-controlled command and args stored verbatim into globalThis, the...
MCP Inspector < 0.14.0 UnauthenticatedRemote Code Execution
The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. id...
CVE-2026-62208
OpenClaw before 2026.6.5 could forward Authorization headers during MCP SSE redirects. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization. Impact depends on the operator's...
CVE-2026-44970
dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, DefaultUsageTracker.emittoolcalledevent in src/dbtmcp/tracking/tracking.py serialized every MCP tool call's complete arguments dictionary and sent it through dbtlabsvortex.producer.logproto without redaction,...
CVE-2026-46341
The Apify MCP server enables AI agents to extract data from websites using ready-made scrapers, crawlers, and automation tools available on the Apify Store. Prior to 0.9.21, the fetch-apify-docs tool in src/tools/common/fetchapifydocs.ts validates allowlisted documentation domains with...
CVE-2026-44969
dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, DbtMCP.calltool in src/dbtmcp/mcp/server.py logged the raw arguments dictionary at INFO level before each tool call and at ERROR level on exceptions, and configurefilelogging wrote those records to dbt-mcp.log...
CVE-2026-44969
dbt-mcp: CVE-2026-44969 involves logging of complete tool call arguments (including sql_query, vars, and node_selection) in plaintext when DBT_MCP_SERVER_FILE_LOGGING is enabled. The issue is present in earlier versions (e.g., v1.15.x) and fixed in v1.17.1. Connected sources confirm that argument...
CVE-2026-44969 dbt-mcp: Tool Arguments Including SQL Queries and Credentials Logged in Plaintext Without Redaction When File Logging Is Enabled
dbt-mcp is a Model Context Protocol server for interacting with dbt. Prior to 1.17.1, DbtMCP.calltool in src/dbtmcp/mcp/server.py logged the raw arguments dictionary at INFO level before each tool call and at ERROR level on exceptions, and configurefilelogging wrote those records to dbt-mcp.log...