Lucene search
K

11 matches found

GithubExploit
GithubExploit
added 2026/02/04 10:37 p.m.181 views

Exploit for CVE-2026-25546

CVE-2026-25546 PoC - godot-mcp OS Command...

7.8CVSS5.3AI score0.00853EPSS
Exploits1
NVD
NVD
added 2026/02/04 10:16 p.m.12 views

CVE-2026-25546

Godot MCP is a Model Context Protocol MCP server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input e.g., projectPath directly to exec, which...

7.8CVSS0.00853EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/04 9:48 p.m.3 views

CVE-2026-25546 Godot MCP is vulnerable to Command Injection via unsanitized projectPath

Godot MCP is a Model Context Protocol MCP server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input e.g., projectPath directly to exec, which...

7.8CVSS6.4AI score0.00853EPSS
Exploits1References4
OSV
OSV
added 2026/02/04 9:48 p.m.6 views

CVE-2026-25546 Godot MCP is vulnerable to Command Injection via unsanitized projectPath

Godot MCP is a Model Context Protocol MCP server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input e.g., projectPath directly to exec, which...

7.8CVSS6.5AI score0.00853EPSS
Exploits1References6
CVE
CVE
added 2026/02/04 9:48 p.m.26 views

CVE-2026-25546

Godot MCP vulnerability CVE-2026-25546: In godot-mcp prior to v0.1.1, executeOperation passed user-controlled input (e.g., projectPath) to exec(), spawning a shell and enabling command injection with shell metacharacters. This could allow remote code execution with MCP server privileges across to...

7.8CVSS6.4AI score0.00853EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/02/04 9:48 p.m.27 views

CVE-2026-25546 Godot MCP is vulnerable to Command Injection via unsanitized projectPath

Godot MCP is a Model Context Protocol MCP server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input e.g., projectPath directly to exec, which...

7.8CVSS0.00853EPSS
Exploits1References4
Snyk
Snyk
added 2026/02/04 8:2 p.m.3 views

Command Injection

Overview godot-mcp is a MCP server for interfacing with Godot game engine. Provides tools for launching the editor, running projects, and capturing debug output. Affected versions of this package are vulnerable to Command Injection via the executeOperation function when user-controlled input is...

8.5CVSS6AI score0.00853EPSS
Exploits1References2
OSV
OSV
added 2026/02/04 8:2 p.m.5 views

GHSA-8JX2-RHFH-Q928 godot-mcp has Command Injection via unsanitized projectPath

Impact A Command Injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input e.g., projectPath directly to exec, which spawns a shell. An attacker could inject shell metacharacters like $command or &calc to execute arbitrary comman...

7.8CVSS6.5AI score0.00853EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.3 views

PT-2026-6397

Impact A Command Injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input e.g., projectPath directly to exec, which spawns a shell. An attacker could inject shell metacharacters like $command or &calc to execute arbitrary comman...

7.8CVSS6.6AI score0.00853EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.7 views

PT-2026-6322

Name of the Vulnerable Software and Affected Versions Godot MCP versions prior to 0.1.1 Description Godot MCP is a Model Context Protocol MCP server for interacting with the Godot game engine. A command injection issue in godot-mcp allows remote code execution. The executeOperation function passe...

7.8CVSS6.5AI score0.00853EPSS
Exploits1References11
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.12 views

Godot MCP 操作系统命令注入漏洞

Godot MCP is an MCP server developed by Solomon Elias, designed for interfacing with the Godot game engine. Versions of Godot MCP prior to 0.1.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the executeOperation function, which directly...

7.8CVSS6.2AI score0.00853EPSS
Exploits1References4
Rows per page
Query Builder