Lucene search
K

134 matches found

Nuclei
Nuclei
added 2 days ago15 views

LiteLLM - Command Injection

A critical unauthenticated remote code execution vulnerability exists in LiteLLM due to improper input handling in the MCP stdio test endpoint. An attacker can send a specially crafted request to the /mcp-rest/test/connection endpoint with controlled parameters, resulting in arbitrary command...

8.8CVSS7.2AI score0.80188EPSS
Exploits4References4
NVD
NVD
added 5 days ago7 views

CVE-2026-54149

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS0.00384EPSS
Exploits0References2
OSV
OSV
added 5 days ago2 views

CVE-2026-54149 MaxKB MCP tool import validation bypass allows post-authentication remote code execution

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS6.2AI score0.00384EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-559 Upsonic: remote code execution vulnerability in its MCP server/task creation functionality

Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands npm, npx accept argument flags that enable...

9.8CVSS6.8AI score0.00974EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-30616

Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, causing attacker-controlled commands to be executed on the server. Successful exploitation result...

7.3CVSS6.5AI score0.00344EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.9 views

CVE-2026-6130

A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management System. Executing a manipulation of the argument args/env can lead to os command...

7.5CVSS6.8AI score0.01368EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-40933

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. The vulnerabilit...

9.9CVSS6.6AI score0.01987EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/26 7:54 p.m.34 views

CVE-2026-44450 Lumiverse: RCE via MCP stdio argument injection

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code executi...

9.9CVSS0.00377EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 p.m.13 views

Duplicate Advisory: OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mj59-h3q9-ghfh. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server...

7.3CVSS6.1AI score0.00136EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/11 6:31 p.m.7 views

GHSA-P3M6-JR2H-HHXJ Duplicate Advisory: OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mj59-h3q9-ghfh. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server...

7.3CVSS6.1AI score0.00136EPSS
Exploits0References6
NVD
NVD
added 2026/05/11 6:16 p.m.19 views

CVE-2026-44995

OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows attackers to execute arbitrary code. Malicious workspace configurations can pass dangerous startup variables like NODEOPTIONS, LDPRELOAD, or BASHENV to spawne...

7.3CVSS0.00136EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/11 4:46 p.m.38 views

CVE-2026-44995 OpenClaw < 2026.4.20 - Arbitrary Code Execution via MCP stdio Environment Variables

OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows attackers to execute arbitrary code. Malicious workspace configurations can pass dangerous startup variables like NODEOPTIONS, LDPRELOAD, or BASHENV to spawne...

7.3CVSS0.00136EPSS
Exploits0References4
OSV
OSV
added 2026/05/11 4:46 p.m.3 views

CVE-2026-44995 OpenClaw < 2026.4.20 - Arbitrary Code Execution via MCP stdio Environment Variables

OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows attackers to execute arbitrary code. Malicious workspace configurations can pass dangerous startup variables like NODEOPTIONS, LDPRELOAD, or BASHENV to spawne...

5.4CVSS6.3AI score0.00136EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/08 3:35 a.m.65 views

CVE-2026-42271 LiteLLM: Authenticated command execution via MCP stdio test endpoints

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration i...

8.7CVSS0.80188EPSS
Exploits2References2
GithubExploit
GithubExploit
added 2026/04/27 1:58 a.m.118 views

mcp-stdio-exploit

MCP STDIO Exploit: A Local Reimplementation Vulnerability...

6.4AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/25 11:48 p.m.15 views

OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Workspace MCP stdio configuration could pass dangerous process-startup environment variables such as NODEOPTIONS, LDPRELOAD, or BASHENV to the spawned MCP server process. In a...

7.3CVSS5.4AI score0.00136EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/25 11:27 p.m.69 views

GHSA-V4P8-MG3P-G94G LiteLLM: Authenticated command execution via MCP stdio test endpoints

Impact Two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio...

8.8CVSS6AI score0.80188EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2026/04/25 12:0 a.m.11 views

PT-2026-37190

Name of the Vulnerable Software and Affected Versions n8n-mcp versions prior to 2.47.13 Description When running in HTTP transport mode, authenticated tools/call requests have their full arguments and JSON-RPC parameters written to server logs by the request dispatcher and related code paths befo...

4.3CVSS5.9AI score0.0025EPSS
Exploits0References12
NVD
NVD
added 2026/04/21 10:16 p.m.13 views

CVE-2026-40933

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. The vulnerabilit...

9.9CVSS0.01987EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/21 9:0 p.m.5 views

CVE-2026-40933

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. The vulnerabilit...

9.9CVSS6.4AI score0.01987EPSS
Exploits1References4Affected Software2
Rows per page
Query Builder