3 matches found
GHSA-CW73-5F7H-M4GV Upsonic: remote code execution vulnerability in its MCP server/task creation functionality
Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands npm, npx accept argument flags that enable...
PT-2026-33073
Name of the Vulnerable Software and Affected Versions Upsonic version 0.71.6 Description An issue exists in the MCP server/task creation functionality where users can define MCP tasks with arbitrary command and args values. While an allowlist is implemented, specific permitted commands such as np...
CVE-2026-30625
Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands npm, npx accept argument flags that enable...