PT-2025-41300

Name of the Vulnerable Software and Affected Versions wonderwhy-er DesktopCommanderMCP versions up to 0.2.13 Description A flaw exists within the software that allows for operating system command injection. This occurs due to improper handling of commands within the extractBaseCommand function...

Desktop Commander MCP 操作系统命令注入漏洞

Desktop Commander MCP is an MCP server by the individual developer Eduard Ruzga. An operating system command injection vulnerability exists in Desktop Commander MCP version 0.2.13 and earlier, which stems from improper manipulation of the function CommandManager in the file src/command-manager.ts...