Lucene search
+L

9 matches found

Vulnrichment
Vulnrichment
added yesterday5 views

CVE-2026-57860 ForgeCode Arbitrary Code Execution via Unvetted .mcp.json in Untrusted Repository

ForgeCode tailcallhq/forgecode, an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and...

8.4CVSS5.9AI score
Exploits0References5
CVE
CVE
added yesterday7 views

CVE-2026-57860

Technical details about CVE-2026-57860 are not publicly available in the provided documents. Monitor for updates.

8.4CVSS5.9AI score
Exploits0References5
Cvelist
Cvelist
added yesterday17 views

CVE-2026-57860 ForgeCode Arbitrary Code Execution via Unvetted .mcp.json in Untrusted Repository

ForgeCode tailcallhq/forgecode, an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and...

8.4CVSS
Exploits0References5
NVD
NVD
added 2 days ago5 views

CVE-2026-47751

Claude Code Action is a general-purpose GitHub action that runs Claude Code on GitHub pull requests and issues. Prior to 1.0.74, because the action checked out attacker-controlled pull request head branches, read .mcp.json from the working directory via default setting sources, and unconditionall...

5.3CVSS0.00426EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 7:16 a.m.15 views

Malicious code in 0x2ai-multi-q (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e305b12731a6b73c8982935753b52febfa90626f5a75f6942ca154aa708594b6 Running npx 0x2ai-multi-q the package's documented invocation spawns claude --dangerously-skip-permissions and writes a .mcp.json into the user's...

6.4AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.20 views

PT-2026-48540

Due to the combination of checking out PR head branches attacker-controlled, reading .mcp.json from the working directory via default setting sources, and unconditionally enabling all project MCP servers via enableAllProjectMcpServers, it was possible for an attacker who opened a PR containing a...

5.3CVSS6.3AI score0.00426EPSS
Exploits0References8
Zero Day Initiative
Zero Day Initiative
added 2026/04/02 12:0 a.m.12 views

Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio Code. User interaction is required to exploit this vulnerability in that the target open a malicious project. The specific flaw exists within the handling of mcp.json files. T...

7.8CVSS6.3AI score0.01357EPSS
Exploits0References1
Hacker One
Hacker One
added 2025/11/15 8:14 p.m.10 views

AWS VDP: Command Injection on Amazon Q Developer CLI via malicious .amazonq/mcp.json leads to arbitrary code execution

Asset URL: https://github.com/aws/amazon-q-developer-cli/ Summary: Running Q chat from Amazon Q Developer CLI from an attacker-controlled repository/directory that contains a crafted .amazonq/mcp.json enables arbitrary command injection/execution. Amazon Q Developer CLI automatically loads and...

7.5AI score
Exploits0
CVE
CVE
added 2025/11/04 11:9 p.m.44 views

CVE-2025-64109

Cursor CLI Beta contains a vulnerability where uploading a malicious MCP configuration in .cursor/mcp.json in a GitHub repo can trigger remote code execution when a victim clones the project and runs Cursor CLI. The issue results from the MCP (Model Context Protocol) server mechanism executing th...

8.8CVSS7.8AI score0.00471EPSS
Exploits0References1
Rows per page
Query Builder