
13 matches found

ATTACKERKB
added 2026/03/06 6:57 a.m., 3 views

CVE-2026-29042

Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...

9.3 CVSS, 5.7 AI score, 0.00281 EPSS
Exploits: 1, References: 5, Affected Software: 1

GithubExploit
added 2026/01/28 4:32 a.m., 315 views

Exploit for CVE-2025-69256

hi CTT-Serverless-RCE-v1.0---Convergent-Time-Theory-Enhanced-MC...

7.5 CVSS, 6.2 AI score, 0.00039 EPSS
Exploits: 2

Veracode
added 2026/01/02 8:51 a.m., 3 views

Command Injection

Serverless Framework is vulnerable to Command Injection. The vulnerability is due to unsanitized user input being passed to child_process.exec in the experimental MCP server feature, which allows an attacker to inject shell metacharacters and execute arbitrary system commands with the privileges o...

7.5 CVSS, 7.5 AI score, 0.00039 EPSS
Exploits: 2, References: 5, Affected Software: 1

RedhatCVE
added 2026/01/01 11:29 a.m., 3 views

CVE-2025-69256

The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This...

7.5 CVSS, 8.8 AI score, 0.00039 EPSS
Exploits: 2, References: 1

EUVD
added 2025/12/31 10:5 p.m., 2 views

EUVD-2025-205851

serverless MCP Server vulnerable to Command Injection in list-projects tool...

7.5 CVSS, 6.7 AI score, 0.00039 EPSS
Exploits: 2, References: 5

OSV
added 2025/12/31 10:5 p.m., 3 views

GHSA-RWC2-F344-Q6W6 serverless MCP Server vulnerable to Command Injection in list-projects tool

Summary: A command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This vulnerability only affects users of the experimental MCP server feature serverless mcp, which represents less than 0.1% of Serverless Framework users. The core Serverle...

7.5 CVSS, 9.3 AI score, 0.00039 EPSS
Exploits: 2, References: 6

Github Security Blog
added 2025/12/31 10:5 p.m., 22 views

serverless MCP Server vulnerable to Command Injection in list-projects tool

Summary: A command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This vulnerability only affects users of the experimental MCP server feature serverless mcp, which represents less than 0.1% of Serverless Framework users. The core Serverle...

7.5 CVSS, 9.4 AI score, 0.00039 EPSS
Exploits: 2, References: 6, Affected Software: 1

NVD
added 2025/12/30 7:15 p.m., 1 view

CVE-2025-69256

The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This...

7.5 CVSS, 0.00039 EPSS
Exploits: 2, References: 4

Cvelist
added 2025/12/30 7:5 p.m., 21 views

CVE-2025-69256 serverless MCP Server vulnerable to command injection in list-projects tool

The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This...

7.5 CVSS, 0.00039 EPSS
Exploits: 2, References: 4

CVE
added 2025/12/30 7:5 p.m., 11 views

CVE-2025-69256

CVE-2025-69256 : The Serverless Framework MCP Server vulnerability enables command injection via unsanitized user input in the list-projects tool. The issue arises when building shell commands with workspaceRoots (user-controlled) and calling child_process.exec without proper sanitization, allowi...

7.5 CVSS, 8.4 AI score, 0.00039 EPSS
Exploits: 2, References: 4, Affected Software: 1

Vulnrichment
added 2025/12/30 7:5 p.m., 1 view

CVE-2025-69256 serverless MCP Server vulnerable to command injection in list-projects tool

The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This...

7.5 CVSS, 8.4 AI score, 0.00039 EPSS
Exploits: 2, References: 4

Positive Technologies
added 2025/12/30 12:0 a.m., 3 views

PT-2025-54216

Name of the Vulnerable Software and Affected Versions: Serverless Framework versions 4.29.0 through 4.29.2. Description: The Serverless Framework includes a command injection issue within the built-in MCP server package @serverless/mcp. This affects users utilizing the experimental MCP server featur...

7.5 CVSS, 6.5 AI score, 0.00039 EPSS
Exploits: 2, References: 9

CNNVD
added 2025/12/30 12:0 a.m., 1 view

Serverless Framework Command Injection Vulnerability

Serverless Framework is an open-source cloud service hosting tool from Serverless. A command injection vulnerability exists in Serverless Framework versions from 4.29.0 up to, but not including, 4.29.3. It stems from improper sanitization of input parameters passed to child_process.exec, which could lead to remote code...

7.5 CVSS, 6.1 AI score, 0.00039 EPSS
Exploits: 2, References: 4