Lucene search
+L

17 matches found

OSV
OSV
added 2 days ago4 views

CVE-2026-45805 Penpot: MCP REPL server binds to 0.0.0.0 with unauthenticated /execute endpoint — RCE

Penpot is an open-source design tool for design and code collaboration. Prior to 2.15.0, Penpot MCP's mcp/packages/server/src/ReplServer.ts bound the ReplServer to 0.0.0.0:4403 and exposed an unauthenticated /execute endpoint that passed the code field to PluginBridge.executePluginTask, allowing...

8.8CVSS6.2AI score0.00229EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-45805 Penpot: MCP REPL server binds to 0.0.0.0 with unauthenticated /execute endpoint — RCE

Penpot is an open-source design tool for design and code collaboration. Prior to 2.15.0, Penpot MCP's mcp/packages/server/src/ReplServer.ts bound the ReplServer to 0.0.0.0:4403 and exposed an unauthenticated /execute endpoint that passed the code field to PluginBridge.executePluginTask, allowing...

8.8CVSS0.00229EPSS
Exploits0References4
CVE
CVE
added 2 days ago25 views

CVE-2026-45805

Penpot MCP ReplServer exposes an unauthenticated /execute endpoint and binds to 0.0.0.0 (all interfaces), enabling remote JavaScript execution on the server. The issue is implemented in mcp/packages/server/src/ReplServer.ts by listening without a host (default 0.0.0.0) and posting code to PluginB...

8.8CVSS6.2AI score0.00229EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-44986 Penpot: Pre-authenticated account takeover via team-invitation token + prepare-register-profile

Penpot is an open-source design tool for design and code collaboration. Prior to 2.14.5, Penpot exposed teamsinvitations.clj invitation tokens from create-team-invitations, embedded an existing profile id in auth.clj prepare-register-profile, and had auth.clj register-profile issue a session base...

9.9CVSS0.00283EPSS
Exploits0References4
CVE
CVE
added 2 days ago17 views

CVE-2026-44986

CVE-2026-44986 affects Penpot prior to 2.14.5. The issue allows a pre-authenticated account takeover via team invitation tokens: tokens from create-team-invitations were exposed, an existing profile id was embedded in auth.clj prepare-register-profile, and auth.clj register-profile could issue a ...

9.9CVSS6.1AI score0.00283EPSS
Exploits0References4
CVE
CVE
added 2 days ago7 views

CVE-2026-45806

Penpot before 2.15.0 vulnerable to authenticated SSRF in remote image import. The flow passes a user-controlled URL from frontend to the backend RPC method create-file-media-object-from-url, where media/download-image uses a shared HTTP client without destination filtering, allowing an authentica...

7.7CVSS6.2AI score0.00354EPSS
Exploits1References2
OSV
OSV
added 2 days ago3 views

CVE-2026-45806 Penpot: Authenticated SSRF in remote image import via create-file-media-object-from-url

Penpot is an open-source design tool for design and code collaboration. Prior to 2.15.0, Penpot's remote image import passed the user-controlled url from frontend/src/app/main/data/workspace/media.cljs into the backend RPC method :create-file-media-object-from-url in...

7.7CVSS6.2AI score0.00354EPSS
Exploits1References4
Veracode
Veracode
added 2026/05/23 5:0 a.m.15 views

Remote Code Execution (RCE)

@penpot/mcp is vulnerable to Remote Code Execution RCE. The vulnerability is due to an unauthenticated /execute endpoint exposed on all network interfaces, which allows an attacker to remotely execute arbitrary JavaScript code on the server...

8.8CVSS6.2AI score0.00229EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/05/19 7:57 p.m.7 views

Exposed Dangerous Method or Function

Overview @penpot/mcp is a MCP server for Penpot integration Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via MCP module's ReplServer that binds to all interfaces 0.0.0.0:4403 and exposes a /execute endpoint that runs arbitrary code with zero...

8.8CVSS6.2AI score0.00229EPSS
Exploits0References2
Circl
Circl
added 2026/05/19 10:41 a.m.10 views

CVE-2026-45805

creationtimestamp| type| source ---|---|--- 2026-05-19 10:41:54+00:00| published-proof-of-concept| https://github.com/penpot/penpot/security/advisories/GHSA-22qr-rp27-j9wm...

8.8CVSS5.8AI score0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 7:39 p.m.7 views

CVE-2026-26202

Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path e.g. /etc/passwd as a font data chunk in the create-font-variant RPC endpoint, resulting in the file...

7.5CVSS5.8AI score0.00437EPSS
Exploits1References1
NVD
NVD
added 2026/02/19 8:25 p.m.5 views

CVE-2026-26202

Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path e.g. /etc/passwd as a font data chunk in the create-font-variant RPC endpoint, resulting in the file...

7.5CVSS0.00437EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/19 7:23 p.m.5 views

CVE-2026-26202 Penpot has Arbitrary File Read via create-font-variant RPC endpoint

Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path e.g. /etc/passwd as a font data chunk in the create-font-variant RPC endpoint, resulting in the file...

7.5CVSS5.7AI score0.00437EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/19 7:23 p.m.29 views

CVE-2026-26202 Penpot has Arbitrary File Read via create-font-variant RPC endpoint

Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path e.g. /etc/passwd as a font data chunk in the create-font-variant RPC endpoint, resulting in the file...

7.5CVSS0.00437EPSS
Exploits1References2
OSV
OSV
added 2026/02/19 7:23 p.m.7 views

CVE-2026-26202 Penpot has Arbitrary File Read via create-font-variant RPC endpoint

Penpot is an open-source design tool for design and code collaboration. Prior to version 2.13.2, an authenticated user can read arbitrary files from the server by supplying a local file path e.g. /etc/passwd as a font data chunk in the create-font-variant RPC endpoint, resulting in the file...

7.5CVSS5.8AI score0.00437EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.11 views

PT-2026-20920

Name of the Vulnerable Software and Affected Versions Penpot versions prior to 2.13.2 Description Penpot is an open-source design and code collaboration tool. An authenticated user with team edit permissions can read arbitrary files from the server. This is achieved by providing a local file path...

7.5CVSS5.5AI score0.00437EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.14 views

penpot 安全漏洞

Penpot is an open-source design tool developed by Penpot for collaboration in design and coding. Versions of Penpot prior to 2.13.2 contained a security vulnerability. This vulnerability allowed authenticated users to access arbitrary files by providing local file paths as font data blocks,...

7.5CVSS5.9AI score0.00437EPSS
Exploits1References2
Rows per page
Query Builder