Lucene search
K

4 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-559 Upsonic: remote code execution vulnerability in its MCP server/task creation functionality

Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands npm, npx accept argument flags that enable...

9.8CVSS6.8AI score0.00974EPSS
Exploits0References6
OSV
OSV
added 2026/04/15 6:31 p.m.8 views

GHSA-CW73-5F7H-M4GV Upsonic: remote code execution vulnerability in its MCP server/task creation functionality

Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands npm, npx accept argument flags that enable...

9.8CVSS6.6AI score0.00974EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/15 12:0 a.m.5 views

CVE-2026-30625

Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands npm, npx accept argument flags that enable...

6.6AI score0.00974EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.9 views

PT-2026-33073

Name of the Vulnerable Software and Affected Versions Upsonic version 0.71.6 Description An issue exists in the MCP server/task creation functionality where users can define MCP tasks with arbitrary command and args values. While an allowlist is implemented, specific permitted commands such as np...

9.8CVSS6.8AI score0.00974EPSS
Exploits0References14
Rows per page
Query Builder