4 matches found
CVE-2026-22785 orval MCP client is vulnerable to a code injection attack.
orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allo...
CVE-2026-22785 orval MCP client is vulnerable to a code injection attack.
orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allo...
CVE-2026-22785
Summary: Orval (MCP client/server code path) is vulnerable to arbitrary code execution via unsanitized input in OpenAPI specs. The CVE-2026-22785/MCP issue arises from string-manipulation in the MCP server generation logic that embeds the summary field without proper validation/escaping, allowing...
CVE-2026-22785 orval MCP client is vulnerable to a code injection attack.
orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allo...