2 matches found
CVE-2026-25905
CVE-2026-25905 describes a lack of isolation between Python code executed by runPython/runPythonAsync and the surrounding JavaScript environment. This lets Python code access Pyodide APIs to modify the JS context, which could enable an attacker to hijack the MCP server and shadow MCP tooling. The...
Pydantic 安全漏洞
Pydantic is an open-source library developed by Pydantic developers. It allows for data validation using Python type hints. Pydantic has a security vulnerability that stems from the lack of isolation between Python code and JavaScript code. This vulnerability could potentially lead to the hijacki...