
7 matches found

RedhatCVE
added 2025/12/02 8:23 a.m., 5 views

CVE-2025-35028

By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There...

CVSS 9.1, AI score 6.8, EPSS 0.00048
Exploits: 0, References: 1

Cvelist
added 2025/11/30 9:27 p.m., 11 views

CVE-2025-35028 HexStrike AI MCP Server Command Injection

By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There...

CVSS 9.1, EPSS 0.00048
Exploits: 0, References: 2

Vulnrichment
added 2025/11/30 9:27 p.m., 2 views

CVE-2025-35028 HexStrike AI MCP Server Command Injection

By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There...

CVSS 9.1, AI score 6.6, EPSS 0.00048
Exploits: 0, References: 1

CVE
added 2025/11/30 9:27 p.m., 11 views

CVE-2025-35028

HexStrike AI MCP Server is affected by a command-injection vulnerability in the EnhancedCommandExecutor API endpoint. A command-line argument starting with a semicolon (;) can cause a composed command to run with the MCP server’s privileges (typically root) because default configurations do not s...

CVSS 9.1, AI score 6.2, EPSS 0.00048
Exploits: 0, References: 2

Positive Technologies
added 2025/11/30 12:0 a.m., 2 views

PT-2025-48397

Name of the Vulnerable Software and Affected Versions: HexStrike AI MCP Server versions prior to commit 2f3a5512. Description: The HexStrike AI MCP Server is susceptible to a command injection issue. By supplying a command-line argument beginning with a semicolon ; to an API endpoint created by the...

CVSS 9.1, AI score 7.2, EPSS 0.00048
Exploits: 0, References: 12

CNNVD
added 2025/11/30 12:0 a.m., 1 views

HexStrike AI MCP Agents Security Vulnerability

HexStrike AI MCP Agents is an MCP server by the individual developer Muhammad Osama. HexStrike AI MCP Agents has a security vulnerability that stems from a failure to sanitize command-line parameters, which could lead to the execution of arbitrary code...

CVSS 9.1, AI score 6.8, EPSS 0.00048
Exploits: 0, References: 1

GithubExploit
added 2025/10/17 11:23 a.m., 245 views

Hexstrike-redteam

HexStrike AI RED-TEAM AI-Powered MCP Cybersecurity Automat...

AI score 8.6
Exploits: 0