6 matches found
CVE-2025-35028
By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There...
EUVD-2025-199938
By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There...
CVE-2025-35028 HexStrike AI MCP Server Command Injection
By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There...
CVE-2025-35028
HexStrike AI MCP Server is affected by a command-injection vulnerability in the EnhancedCommandExecutor API endpoint. A command-line argument starting with a semicolon (;) can cause a composed command to run with the MCP server’s privileges (typically root) because default configurations do not s...
PT-2025-48532
🚨 CVE-2026-1442 Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker or anyone paying attention, the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 a...
PT-2025-48397
Name of the Vulnerable Software and Affected Versions: HexStrike AI MCP Server versions prior to commit 2f3a5512. Description: The HexStrike AI MCP Server is susceptible to a command injection issue. By supplying a command-line argument beginning with a semicolon ; to an API endpoint created by the...