12 matches found
PYSEC-2026-544 MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper
Summary The logfilename parameter in the statado API and CLI is directly interpolated into a Stata command string without sanitization. The security guard GuardValidator only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands including...
Remote Code Execution (RCE)
stata-mcp is vulnerable to Remote Code Execution RCE. The vulnerability is due to insufficient validation of user-supplied Stata do-file content, which allows an attacker to inject and execute arbitrary commands...
CVE-2026-31040
A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution...
EUVD-2026-20475
stata-mcp has insufficient validation of user-supplied Stata do-file content that can lead to command execution...
GHSA-JPCJ-7WFG-MQXV stata-mcp has insufficient validation of user-supplied Stata do-file content that can lead to command execution
A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution...
stata-mcp has insufficient validation of user-supplied Stata do-file content that can lead to command execution
A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution...
SepineTam Stata-MCP 安全漏洞
SepineTam Stata-MCP is an extended statistical analysis tool from the SepineTam company. Versions of SepineTam Stata-MCP prior to v1.13.0 contained security vulnerabilities. These vulnerabilities stemmed from insufficient validation of the Stata do-file content provided to users, which could lead...
CVE-2026-31040
A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution...
CVE-2026-31040
A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution...
PT-2026-31323
Name of the Vulnerable Software and Affected Versions stata-mcp versions prior to 1.13.0 Description Insufficient validation of user-supplied Stata do-file content in stata-mcp can lead to command execution. Recommendations Update stata-mcp to version 1.13.0 or later...
CVE-2026-31040
CVE-2026-31040 affects stata-mcp prior to v1.13.0, where insufficient validation of user-supplied Stata do-file content can lead to command execution. The vulnerability is documented across multiple sources (Red Hat, OSV, ENISA, CVE databases) with a fix in v1.13.0 and later. Affected component: ...
CVE-2026-31040
A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution...