17 matches found

RedhatCVE
added last week, 7 views

CVE-2026-10691

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...

5.3 CVSS, 5.1 AI score, 0.00068 EPSS
Exploits 0, References 1
NVD
added 2026/06/03 12:16 a.m., 8 views

CVE-2026-10691

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...

5.3 CVSS, 0.00068 EPSS
Exploits 0, References 9
Vulnrichment
added 2026/06/02 11:30 p.m., 5 views

CVE-2026-10691 wonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...

5.3 CVSS, 5.4 AI score, 0.00068 EPSS
Exploits 0, References 9
Cvelist
added 2026/06/02 11:30 p.m., 38 views

CVE-2026-10691 wonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...

5.3 CVSS, 0.00068 EPSS
Exploits 0, References 9
ATTACKERKB
added 2026/06/02 11:30 p.m., 4 views

CVE-2026-10691

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...

5.3 CVSS, 5.4 AI score, 0.00068 EPSS
Exploits 0, References 9, Affected Software 1
Positive Technologies
added 2026/06/02 12:0 a.m., 8 views

PT-2026-45884

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read file. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

6.5 CVSS, 6.2 AI score, 0.00048 EPSS
Exploits 0, References 8
Positive Technologies
added 2026/06/02 12:0 a.m., 7 views

PT-2026-45885

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start search. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It i...

5.3 CVSS, 5.4 AI score, 0.00068 EPSS
Exploits 0, References 10
NVD
added 2025/10/08 7:15 p.m., 2 views

CVE-2025-11491

A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made...

9.8 CVSS, 0.00366 EPSS
Exploits 1, References 5
NVD
added 2025/10/08 7:15 p.m., 2 views

CVE-2025-11490

A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from...

9.8 CVSS, 0.00279 EPSS
Exploits 1, References 6
Cvelist
added 2025/10/08 7:2 p.m., 9 views

CVE-2025-11491 wonderwhy-er DesktopCommanderMCP command-manager.ts CommandManager os command injection

A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made...

6.5 CVSS, 0.00366 EPSS
Exploits 1, References 5
CVE
added 2025/10/08 7:2 p.m., 9 views

CVE-2025-11491

CVE-2025-11491 affects wonderwhy-er DesktopCommanderMCP up to 0.2.13. The vulnerability is in CommandManager (src/command-manager.ts) where manipulation enables operating system command injection. Attacks can be initiated remotely, and public exploits exist. Connected sources do not provide a con...

9.8 CVSS, 6.7 AI score, 0.00366 EPSS
Exploits 1, References 5, Affected Software 1
vulnersOsv
added 2025/10/08 6:42 p.m., 2 views

@iflow-mcp/theycallmeholla-schema-org-mcp (=0.1.0), @wonderwhy-er/desktop-commander (>=0.2.29-alpha.3 <=0.2.29-alpha.4) +2 more potentially affected by CVE-2025-11489 via @wonderwhy-er/desktop-commander (>=0.1.39 <=0.2.41)

@wonderwhy-er/desktop-commander NPM version =0.1.39, =0.2.29-alpha.3, =1.0.0, =1.0.1 - familiar-mcp =0.1.0 Source cves: CVE-2025-11489 Source advisory: SNYK:JS-WONDERWHYERDESKTOPCOMMANDER-13535094...

7 CVSS, 5.5 AI score, 0.00023 EPSS
Exploits 1
CVE
added 2025/10/08 6:32 p.m., 9 views

CVE-2025-11490

CVE-2025-11490 affects wonderwhy-er DesktopCommanderMCP up to 0.2.13. The vulnerability is in the function extractBaseCommand (src/command-manager.ts) of the Absolute Path Handler, enabling remote OS command injection. Public exploit details exist and multiple sources describe exploitation via cr...

9.8 CVSS, 6.5 AI score, 0.00279 EPSS
Exploits 1, References 6, Affected Software 1
NVD
added 2025/10/08 6:15 p.m., 1 views

CVE-2025-11489

A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The...

7 CVSS, 0.00023 EPSS
Exploits 1, References 6
OSV
added 2025/10/08 6:15 p.m., 4 views

CVE-2025-11489

A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The...

7 CVSS, 5.7 AI score
Exploits 0, References 6
CVE
added 2025/10/08 6:2 p.m., 8 views

CVE-2025-11489

CVE-2025-11489 affects wonderwhy-er DesktopCommanderMCP up to 0.2.13. The issue resides in isPathAllowed (src/tools/filesystem.ts) and enables symbolic link following, with local access required and high attack complexity. Publicly disclosed exploitability is noted; vendor guidance recommends usi...

7 CVSS, 5.5 AI score, 0.00023 EPSS
Exploits 1, References 6, Affected Software 1
Positive Technologies
added 2025/10/08 12:0 a.m., 2 views

PT-2025-41303

Name of the Vulnerable Software and Affected Versions: wonderwhy-er DesktopCommanderMCP versions through 0.2.13. Description: A flaw exists in the CommandManager function within the src/command-manager.ts file that allows for operating system command injection. This issue can be triggered remotely...

6.5 CVSS, 6.4 AI score, 0.00366 EPSS
Exploits 1, References 10