EUVD-2025-33304

A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The...

PT-2025-41303

Name of the Vulnerable Software and Affected Versions wonderwhy-er DesktopCommanderMCP versions through 0.2.13 Description A flaw exists in the CommandManager function within the src/command-manager.ts file that allows for operating system command injection. This issue can be triggered remotely...

PT-2025-41300

Name of the Vulnerable Software and Affected Versions wonderwhy-er DesktopCommanderMCP versions up to 0.2.13 Description A flaw exists within the software that allows for operating system command injection. This occurs due to improper handling of commands within the extractBaseCommand function...

PT-2025-41297

Name of the Vulnerable Software and Affected Versions wonderwhy-er DesktopCommanderMCP versions up to 0.2.13 Description A security issue has been identified in the isPathAllowed function within the src/tools/filesystem.ts file of wonderwhy-er DesktopCommanderMCP. This allows for symlink followin...