7 matches found
CVE-2025-35028
By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There...
CVE-2025-35028 HexStrike AI MCP Server Command Injection
By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There...
CVE-2025-35028 HexStrike AI MCP Server Command Injection
By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There...
CVE-2025-35028
HexStrike AI MCP Server is affected by a command-injection vulnerability in the EnhancedCommandExecutor API endpoint. A command-line argument starting with a semicolon (;) can cause a composed command to run with the MCP server’s privileges (typically root) because default configurations do not s...
HexStrike AI MCP Agents 安全漏洞
HexStrike AI MCP Agents is an MCP server by the individual developer Muhammad Osama. HexStrike AI MCP Agents suffers from a security vulnerability that stems from not cleaning up command line parameters, which could lead to the execution of arbitrary code...
PT-2025-48397
Name of the Vulnerable Software and Affected Versions HexStrike AI MCP Server versions prior to commit 2f3a5512 Description The HexStrike AI MCP Server is susceptible to a command injection issue. By supplying a command-line argument beginning with a semicolon ; to an API endpoint created by the...
Hexstrike-redteam
HexStrike AI RED-TEAM AI-Powered MCP Cybersecurity Automat...