Lucene search
+L

6 matches found

NVD
NVD
added yesterday6 views

CVE-2026-57860

ForgeCode tailcallhq/forgecode, an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and...

8.4CVSS
Exploits0References5
Cvelist
Cvelist
added yesterday14 views

CVE-2026-57860 ForgeCode Arbitrary Code Execution via Unvetted .mcp.json in Untrusted Repository

ForgeCode tailcallhq/forgecode, an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and...

8.4CVSS
Exploits0References5
CVE
CVE
added yesterday7 views

CVE-2026-57860

Technical details about CVE-2026-57860 are not publicly available in the provided documents. Monitor for updates.

8.4CVSS5.9AI score
Exploits0References5
Vulnrichment
Vulnrichment
added yesterday5 views

CVE-2026-57860 ForgeCode Arbitrary Code Execution via Unvetted .mcp.json in Untrusted Repository

ForgeCode tailcallhq/forgecode, an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and...

8.4CVSS5.9AI score
Exploits0References5
EUVD
EUVD
added yesterday7 views

EUVD-2026-45217

ForgeCode tailcallhq/forgecode, an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and...

8.4CVSS5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60803

ForgeCode tailcallhq/forgecode, an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and...

8.4CVSS5.8AI score
Exploits0References5
Rows per page
Query Builder