Lucene search
K

8 matches found

OSV
OSV
added 2026/06/19 3:12 p.m.14 views

GHSA-JV2H-4P9V-WF5W ouroboros-ai: Incomplete fix of CVE-2026-47211: untrusted project .env can still reach RCE via omitted execution-routing keys

Impact The CVE-2026-47211 fix 0.39.0 added UNTRUSTEDENVDENYLIST to stop an untrusted project-directory .env from redirecting execution. The denylist was incomplete — several execution-routing keys of the same RCE class were omitted, so a malicious cloned repo can still reach arbitrary command...

8.6CVSS6.1AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.11 views

CVE-2026-6599

A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function getclientip/installmcpconfig of the file src/backend/base/langflow/api/v1/mcpprojects.py of the component Model Context Protocol Configuration API. Performing a manipulation of the argument...

6.5CVSS6.2AI score0.00232EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/20 6:31 a.m.4 views

Langflow vulnerable to injection

A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function getclientip/installmcpconfig of the file src/backend/base/langflow/api/v1/mcpprojects.py of the component Model Context Protocol Configuration API. Performing a manipulation of the argument...

6.5CVSS6.2AI score0.00232EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/20 3:0 a.m.5 views

CVE-2026-6599 langflow-ai langflow Model Context Protocol Configuration API mcp_projects.py install_mcp_config injection

A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function getclientip/installmcpconfig of the file src/backend/base/langflow/api/v1/mcpprojects.py of the component Model Context Protocol Configuration API. Performing a manipulation of the argument...

6.5CVSS6.3AI score0.00232EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.12 views

Langflow 安全漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow 1.8.3 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect operations on the function getclientip/installmcpconfig in the...

6.5CVSS6.6AI score0.00232EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.10 views

PT-2026-33705

A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function get client ip/install mcp config of the file src/backend/base/langflow/api/v1/mcp projects.py of the component Model Context Protocol Configuration API. Performing a manipulation of the argument...

6.5CVSS5.5AI score0.00232EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/17 4:30 p.m.7 views

CVE-2026-23523

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the...

9.6CVSS7AI score0.06299EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.4 views

Zed 命令注入漏洞

Zed is an open source code editor from Zed Industries. A command injection vulnerability exists in versions prior to Zed 0.218.2-pre that stems from loading a malicious MCP configuration from the settings.json file in the project.zed subdirectory, which could lead to arbitrary code execution...

7.7CVSS8AI score0.00252EPSS
Exploits1References3
Rows per page
Query Builder