
6 matches found

Veracode
added 2026/03/23 9:18 a.m. | 7 views

Command Injection

MCP Watch is vulnerable to Command Injection. The vulnerability is due to unsanitized user input being passed to execSync in the cloneRepo method, which allows an attacker to append shell metacharacters to the URL and execute arbitrary commands on the host system...

9.8 CVSS | 6.1 AI score | 0.01969 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
EUVD
added 2025/12/02 12:38 a.m. | 2 views

EUVD-2025-200116

MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution RCE via malicious URL...

9.8 CVSS | 7.2 AI score | 0.01969 EPSS
Exploits: 1 | References: 3
OSV
added 2025/12/01 10:43 p.m. | 4 views

CVE-2025-66401 MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL

MCP Watch is a comprehensive security scanner for Model Context Protocol MCP servers. In 0.1.2 and earlier, the MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to a system shell via...

9.8 CVSS | 7.8 AI score | 0.01969 EPSS
Exploits: 1 | References: 4
Cvelist
added 2025/12/01 10:43 p.m. | 11 views

CVE-2025-66401 MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL

MCP Watch is a comprehensive security scanner for Model Context Protocol MCP servers. In 0.1.2 and earlier, the MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to a system shell via...

9.8 CVSS | 0.01969 EPSS
Exploits: 1 | References: 2
CVE
added 2025/12/01 10:43 p.m. | 27 views

CVE-2025-66401

MCP Watch vulnerability (CVE-2025-66401) affects MCPWatch

9.8 CVSS | 7.5 AI score | 0.01969 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2025/12/01 12:0 a.m. | 5 views

MCP Watch operating system command injection vulnerability

MCP Watch is a comprehensive security scanning program for Model Context Protocol servers by the individual developer Kapil Duraphe. An operating system command injection vulnerability exists in MCP Watch version 0.1.2 and earlier, which stems from command injection and could lead to arbitrary...

9.8 CVSS | 7.4 AI score | 0.01969 EPSS
Exploits: 1 | References: 3