
20 matches found

RedhatCVE
added yesterday · 4 views

CVE-2026-30615

A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic...

CVSS 8 · AI score 6.4 · EPSS 0.00065
Exploits: 0 · References: 1

NVD
added 2026/04/15 4:16 p.m. · 1 view

CVE-2026-30615

A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic...

CVSS 8 · EPSS 0.00065
Exploits: 0 · References: 1

CVE
added 2026/04/15 12:00 a.m. · 5 views

CVE-2026-30624

CVE-2026-30624 affects Agent Zero 0.9.8, in the External MCP Servers configuration feature. A JSON MCP configuration can include arbitrary command and args, which are executed when applied without sufficient validation. This can allow an attacker to run arbitrary OS commands with the Agent Zero p...

CVSS 8.6 · AI score 6.6 · EPSS 0.00323
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2025/12/17 10:47 p.m. · 3 views

CVE-2025-68433 Zed IDE MCP Context Server Configuration Arbitrary Code Execution

Zed, a code editor, has an arbitrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol (MCP) configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...

CVSS 7.7 · AI score 7.4 · EPSS 0.00031
Exploits: 1 · References: 2

CVE
added 2025/11/04 11:09 p.m. · 19 views

CVE-2025-64109

Cursor CLI Beta contains a vulnerability where uploading a malicious MCP configuration in .cursor/mcp.json in a GitHub repo can trigger remote code execution when a victim clones the project and runs Cursor CLI. The issue results from the MCP (Model Context Protocol) server mechanism executing th...

CVSS 8.8 · AI score 7.8 · EPSS 0.00169
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2025-19433

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 6.5 · EPSS 0.00375
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/06 12:00 a.m. · 3 views

Cursor < 1.2.4 RCE (GHSA-24mc-g4xr-4395)

The version of Cursor installed on the remote host is prior to 1.2.4. It is, therefore, affected by a remote code execution vulnerability. Attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing...

CVSS 8.8 · AI score 7 · EPSS 0.00774
Exploits: 2 · References: 2

Tenable Nessus
added 2025/08/06 12:00 a.m. · 8 views

Cursor <= 1.2.1 RCE (GHSA-4cxx-hrm3-49rm)

The version of Cursor installed on the remote host is 1.2.1 or prior. It is, therefore, affected by a remote code execution vulnerability. An attacker could achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or...

CVSS 9.8 · AI score 6.7 · EPSS 0.00372
Exploits: 0 · References: 2

The Hacker News
added 2025/08/05 1:01 p.m. · 5 views

Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval

Cybersecurity researchers have disclosed a high-severity security flaw in the artificial intelligence (AI)-powered code editor Cursor that could result in remote code execution. The vulnerability, tracked as CVE-2025-54136 (CVSS score: 7.2), has been codenamed MCPoison by Check Point Research, owing ...

CVSS 7.2 · AI score 8 · EPSS 0.00774
Exploits: 2

RedhatCVE
added 2025/08/04 9:33 a.m. · 5 views

CVE-2025-54136

Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's machine. Once a...

CVSS 8.8 · AI score 8.5 · EPSS 0.00774
Exploits: 2 · References: 1

NVD
added 2025/08/02 12:15 a.m. · 4 views

CVE-2025-54136

Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's machine. Once a...

CVSS 8.8 · EPSS 0.00774
Exploits: 2 · References: 1

CNNVD
added 2025/08/02 12:00 a.m. · 1 view

Cursor Operating System Command Injection Vulnerability

Cursor is an AI code editor from Cursor open source. An operating system command injection vulnerability exists in Cursor 1.2.4 and earlier versions, which stems from the fact that the MCP configuration file can be modified, potentially leading to remote persistent code execution...

CVSS 8.8 · AI score 8.1 · EPSS 0.00774
Exploits: 2 · References: 3

RedhatCVE
added 2025/06/29 10:19 p.m. · 5 views

CVE-2025-53098

Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the .roo/mcp.json file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would hav...

CVSS 8.1 · AI score 7.7 · EPSS 0.00375
Exploits: 0 · References: 1

NVD
added 2025/06/27 10:15 p.m. · 4 views

CVE-2025-53098

Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the .roo/mcp.json file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would hav...

CVSS 8.1 · EPSS 0.00375
Exploits: 0 · References: 2

Vulnrichment
added 2025/06/27 9:43 p.m. · 5 views

CVE-2025-53098 Roo Code Vulnerable to Potential Remote Code Execution via Model Context Protocol

Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the .roo/mcp.json file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would hav...

CVSS 8.1 · AI score 7 · EPSS 0.00375
Exploits: 0 · References: 2

CVE
added 2025/06/27 9:43 p.m. · 19 views

CVE-2025-53098

Roo Code prior to version 3.20.3 stores the MCP configuration in .roo/mcp.json. The MCP config format allows executing arbitrary commands, enabling an attacker who can submit prompts (e.g., via prompt injection) and who has MCP enabled and auto-approve file writes turned on to inject a malicious ...

CVSS 8.1 · AI score 7.3 · EPSS 0.00375
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2025/06/27 9:43 p.m. · 6 views

CVE-2025-53098 Roo Code Vulnerable to Potential Remote Code Execution via Model Context Protocol

Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the .roo/mcp.json file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would hav...

CVSS 8.1 · EPSS 0.00375
Exploits: 0 · References: 2

OSV
added 2025/06/27 9:43 p.m. · 4 views

CVE-2025-53098 Roo Code Vulnerable to Potential Remote Code Execution via Model Context Protocol

Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the .roo/mcp.json file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would hav...

CVSS 8.1 · AI score 7.6 · EPSS 0.00375
Exploits: 0 · References: 4

Positive Technologies
added 2025/06/27 12:00 a.m. · 2 views

PT-2025-27260 · Robocode · Robocode

Name of the Vulnerable Software and Affected Versions: Roo Code versions prior to 3.20.3 Description: The issue concerns the execution of arbitrary commands through the MCP configuration file. An attacker with access to the system could craft a prompt to write a malicious command to the MCP...

CVSS 8.1 · AI score 7.9 · EPSS 0.00375
Exploits: 0 · References: 8

Tenable Nessus
added 2025/05/23 12:00 a.m. · 3 views

MCP Client Configuration File Detected

MCP (Model Context Protocol) configuration files allow specific software, such as IDEs like Cursor, to interact with MCP servers. These files may contain sensitive information which could assist an attacker in conducting further attacks. No source data...

AI score 6.8
Exploits: 0 · References: 3