Lucene search
+L

12 matches found

osv
osv
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-544 MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper

Summary The logfilename parameter in the statado API and CLI is directly interpolated into a Stata command string without sanitization. The security guard GuardValidator only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands including...

9.3CVSS6AI score0.00629EPSS
Exploits0References7
veracode
veracode
added 2026/04/11 5:36 a.m.6 views

Remote Code Execution (RCE)

stata-mcp is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of user-supplied Stata do-file content, which allows an attacker to inject and execute arbitrary commands...

9.8CVSS6.1AI score0.00557EPSS
Exploits0References5Affected Software1
redhatcve
redhatcve
added 2026/04/10 1:22 a.m.4 views

CVE-2026-31040

A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution...

9.8CVSS5.9AI score0.00557EPSS
Exploits0References1
euvd
euvd
added 2026/04/08 6:34 p.m.4 views

EUVD-2026-20475

stata-mcp has insufficient validation of user-supplied Stata do-file content that can lead to command execution...

6AI score0.00557EPSS
Exploits0References6
osv
osv
added 2026/04/08 6:34 p.m.3 views

GHSA-JPCJ-7WFG-MQXV stata-mcp has insufficient validation of user-supplied Stata do-file content that can lead to command execution

A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution...

8.7CVSS5.8AI score0.00557EPSS
Exploits0References6
github
github
added 2026/04/08 6:34 p.m.11 views

stata-mcp has insufficient validation of user-supplied Stata do-file content that can lead to command execution

A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution...

9.8CVSS5.9AI score0.00557EPSS
Exploits0References6Affected Software1
cnnvd
cnnvd
added 2026/04/08 12:0 a.m.7 views

SepineTam Stata-MCP 安全漏洞

SepineTam Stata-MCP is an extended statistical analysis tool from the SepineTam company. Versions of SepineTam Stata-MCP prior to v1.13.0 contained security vulnerabilities. These vulnerabilities stemmed from insufficient validation of the Stata do-file content provided to users, which could lead...

9.8CVSS5.8AI score0.00557EPSS
Exploits0References5
cvelist
cvelist
added 2026/04/08 12:0 a.m.20 views

CVE-2026-31040

A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution...

0.00557EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/04/08 12:0 a.m.8 views

CVE-2026-31040

A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution...

5.9AI score0.00557EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/04/08 12:0 a.m.6 views

PT-2026-31323

Name of the Vulnerable Software and Affected Versions stata-mcp versions prior to 1.13.0 Description Insufficient validation of user-supplied Stata do-file content in stata-mcp can lead to command execution. Recommendations Update stata-mcp to version 1.13.0 or later...

9.8CVSS5.8AI score0.00557EPSS
Exploits0References16
cve
cve
added 2026/04/08 12:0 a.m.36 views

CVE-2026-31040

CVE-2026-31040 affects stata-mcp prior to v1.13.0, where insufficient validation of user-supplied Stata do-file content can lead to command execution. The vulnerability is documented across multiple sources (Red Hat, OSV, ENISA, CVE databases) with a fix in v1.13.0 and later. Affected component: ...

9.8CVSS5.9AI score0.00557EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/04/08 12:0 a.m.3 views

CVE-2026-31040

A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution...

9.8CVSS6AI score0.00557EPSS
Exploits0References6
Rows per page
Query Builder