Lucene search
K

405 matches found

Vulnrichment
Vulnrichment
added 2026/04/16 9:24 p.m.7 views

CVE-2026-39313 MCP-Framework: Unbounded memory allocation in readRequestBody allows denial of service via HTTP transport

mcp-framework is a framework for building Model Context Protocol MCP servers. In versions 0.2.21 and below, the readRequestBody function in the HTTP transport concatenates request body chunks into a string with no size limit. Although a maxMessageSize configuration value exists, it is never...

8.7CVSS5.8AI score0.00495EPSS
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2026/04/16 7:44 p.m.8 views

CVE-2026-33032: Nginx UI Missing MCP Authentication

Overview On March 30, 2026, a security advisory was published for a critical vulnerability affecting Nginx UI. Nginx UI is an open-source web interface to centralize the management of Nginx configurations and SSL certificates. The critical vulnerability, CVE-2026-33032, was reported in early Marc...

9.8CVSS7.3AI score0.38477EPSS
Exploits15
RedhatCVE
RedhatCVE
added 2026/04/16 1:22 p.m.6 views

CVE-2025-61260

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

9.8CVSS6.5AI score0.06583EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/15 7:24 p.m.7 views

CVE-2026-40159

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI’s MCP Model Context Protocol integration allows spawning background servers via stdio using user-supplied command strings e.g., MCP"npx -y @smithery/cli ...". These commands are executed through Python’s subprocess module. By...

5.5CVSS6.1AI score0.00182EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/04/15 12:56 p.m.23 views

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 CVSS score: 9.8, an authentication bypass vulnerability that enables threat actors to...

9.8CVSS7.7AI score0.38477EPSS
Exploits17
Packet Storm News
Packet Storm News
added 2026/04/15 12:0 a.m.8 views

MCPThreatHive: Automated Threat Intelligence for Model Context Protocol Ecosystems

The rapid proliferation of Model Context Protocol MCP-based agentic systems has introduced a new category of security threats that existing frameworks are inadequately equipped to address. We present MCPThreatHive, an open-source platform that automates the end-to-end lifecycle of MCP threat...

5.8AI score
Exploits0
CVE
CVE
added 2026/04/14 11:25 p.m.22 views

CVE-2026-39884

The CVE-2026-39884 entry concerns mcp-server-kubernetes (Model Context Protocol server for Kubernetes) with a vulnerability in the port_forward tool (src/tools/port_forward.ts). The code builds a kubectl command by string concatenation using user-controlled input and naively splits on spaces befo...

8.3CVSS5.9AI score0.00258EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/14 11:25 p.m.4 views

CVE-2026-39884

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the portforward tool in src/tools/portforward.ts, where a kubectl command is constructed via string concatenation with user-controlle...

8.3CVSS5.9AI score0.00258EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/14 3:30 p.m.4 views

GHSA-XRXF-JGV3-QMRM OpenAI Codex CLI enables code execution through malicious MCP (Model Context Protocol) configuration files

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

9.8CVSS6.5AI score0.06583EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/14 3:30 p.m.13 views

EUVD-2025-209435

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

6.5AI score0.06583EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/14 3:30 p.m.13 views

OpenAI Codex CLI enables code execution through malicious MCP (Model Context Protocol) configuration files

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

9.8CVSS6.4AI score0.06583EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/04/14 3:16 p.m.5 views

CVE-2025-61260

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

9.8CVSS0.06583EPSS
Exploits1References1
CVE
CVE
added 2026/04/14 12:0 a.m.38 views

CVE-2025-61260

The CVE-2025-61260 issue affects the OpenAI Codex CLI, specifically versions prior to 0.23.0. The root cause is improper handling of repository-local configuration files (notably .env and .codex/config.toml) that are loaded automatically when the codex command is executed in a malicious or compro...

9.8CVSS6.5AI score0.06583EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 12:0 a.m.5 views

CVE-2025-61260

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

6.5AI score0.06583EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/14 12:0 a.m.27 views

CVE-2025-61260

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

0.06583EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/14 12:0 a.m.4 views

CVE-2025-61260

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

6.4AI score0.06583EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/13 12:30 a.m.9 views

EUVD-2026-21746

A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management System. Executing a manipulation of the argument args/env can lead to os command...

7.5CVSS5.5AI score0.01368EPSS
Exploits0References7
VulnCheck KEV
VulnCheck KEV
added 2026/04/13 12:0 a.m.41 views

VulnCheck KEV: CVE-2026-33032

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP Model Context Protocol integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication AuthRequired middleware, the /mcpmessage endpoi...

9.8CVSS5.8AI score0.38477EPSS
In wildExploits4References3
ATTACKERKB
ATTACKERKB
added 2026/04/12 10:0 p.m.4 views

CVE-2026-6130

A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management System. Executing a manipulation of the argument args/env can lead to os command...

7.5CVSS5.5AI score0.01368EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/04/12 10:0 p.m.16 views

CVE-2026-6130

CVE-2026-6130 affects chatboxai up to version 1.20.0, impacting the StdioClientTransport function in src/main/mcp/ipc-stdio-transport.ts within the Model Context Protocol Server Management System. The root cause is a flaw where manipulating the argument list (args/env) enables os command injectio...

7.5CVSS6.7AI score0.01368EPSS
Exploits0References6
Rows per page
Query Builder