2 matches found
CVE-2026-44450 Lumiverse: RCE via MCP stdio argument injection
Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code executi...
GHSA-9GM9-C8MQ-VQ7M PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command()
Summary The --mcp CLI argument is passed directly to shlex.split and forwarded through the call chain to anyio.openprocess with no validation, allowlist check, or sanitization at any hop, allowing arbitrary OS command execution as the process user. Details cli/features/mcp.py:61 source -...