Lucene search
K

8 matches found

Snyk
Snyk
added 2026/05/11 7:16 p.m.6 views

Command Injection

Overview automagik-genie is a Self-evolving AI agent orchestration framework with Model Context Protocol support Affected versions of this package are vulnerable to Command Injection via the readTranscriptFromCommit function. An attacker can execute arbitrary system commands by supplying crafted...

9.2CVSS5.9AI score0.01008EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/11 6:31 p.m.8 views

EUVD-2026-29159

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...

6.1AI score0.01008EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 6:16 p.m.8 views

CVE-2026-30635

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...

8.1CVSS0.01008EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 12:0 a.m.33 views

CVE-2026-30635

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...

0.01008EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 12:0 a.m.18 views

CVE-2026-30635

CVE-2026-30635 describes a command-injection vulnerability in the automagik-genie 2.5.27 MCP Server. The issue affects the readTranscriptFromCommit path in dist/mcp/server.js, where an attacker can trigger arbitrary command execution via the view_task (also known as view) when reading from an ext...

8.1CVSS6.1AI score0.01008EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 12:0 a.m.7 views

CVE-2026-30635

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...

6.1AI score0.01008EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.16 views

PT-2026-39708

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the view task aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGE BASE URL...

6.1AI score0.01008EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 12:0 a.m.7 views

CVE-2026-30635

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...

6.1AI score0.01008EPSS
Exploits0References2
Rows per page
Query Builder