Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/01/12 6:43 p.m.21 views

CVE-2026-22785 orval MCP client is vulnerable to a code injection attack.

orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allo...

9.3CVSS0.00709EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/01/12 6:43 p.m.5 views

CVE-2026-22785 orval MCP client is vulnerable to a code injection attack.

orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allo...

9.3CVSS6.6AI score0.00709EPSS
Exploits2References2
CVE
CVE
added 2026/01/12 6:43 p.m.35 views

CVE-2026-22785

Summary: Orval (MCP client/server code path) is vulnerable to arbitrary code execution via unsanitized input in OpenAPI specs. The CVE-2026-22785/MCP issue arises from string-manipulation in the MCP server generation logic that embeds the summary field without proper validation/escaping, allowing...

9.8CVSS6.6AI score0.00709EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2026/01/12 6:43 p.m.4 views

CVE-2026-22785 orval MCP client is vulnerable to a code injection attack.

orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allo...

9.3CVSS6.9AI score0.00709EPSS
Exploits2References4
Rows per page
Query Builder