129 matches found

Snyk
added 2026/03/07 1:59 a.m., 1 views

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection via the ValidateStdioConfig process. An attacker can execute arbitrary commands with application privileges by bypassing argument validation using the -p flag in npx node. This allows full system compromise through...

9.9 CVSS, 6 AI score, 0.00083 EPSS
Exploits: 1, References: 2

Snyk
added 2026/03/07 1:59 a.m., 1 views

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection via the ValidateStdioConfig process. An attacker can execute arbitrary commands with application privileges by bypassing argument validation using the -p flag in npx node. This allows full system compromise through...

9.9 CVSS, 6 AI score, 0.00083 EPSS
Exploits: 1, References: 2

Positive Technologies
added 2026/03/07 12:0 a.m., 4 views

PT-2026-23854

Name of the Vulnerable Software and Affected Versions: WeKnora versions 0.2.5 through 0.2.9; WeKnora version 0.2.10. Description: WeKnora, an LLM-powered framework for deep document understanding and semantic retrieval, contains an unauthenticated remote code execution (RCE) issue in the MCP stdio...

10 CVSS, 6.5 AI score, 0.07313 EPSS
Exploits: 68, References: 139

CNNVD
added 2026/03/07 12:0 a.m., 2 views

WeKnora Operating System Command Injection Vulnerability

WeKnora is an open-source framework based on LLM developed by Tencent. It features deep document understanding using the RAG paradigm, semantic retrieval, and context-aware answers. Versions of WeKnora from 0.2.5 to 0.2.10 contained a vulnerability related to operating system command injection...

9.9 CVSS, 7.4 AI score, 0.00083 EPSS
Exploits: 1, References: 1

GithubExploit
added 2026/03/04 1:40 a.m., 453 views

metasploit-mcp

metasploit-mcp Metasploit Framework MCP server for exploit ex...

6.2 AI score
Exploits: 0

Cvelist
added 2026/02/21 10:0 a.m., 21 views

CVE-2026-27576 OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients for example IDE...

4.8 CVSS, 0.00007 EPSS
Exploits: 0, References: 5

CVE
added 2026/02/21 10:0 a.m., 13 views

CVE-2026-27576

CVE-2026-27576 is currently reserved, but a linked advisory GHSA-CXPW-2G23-2VGW describes a vulnerability in the OpenClaw ACP local-stdio bridge. Affected: openclaw (npm), versions

4.8 CVSS, 5.5 AI score, 0.00007 EPSS
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2026/02/21 10:0 a.m., 5 views

CVE-2026-27576 OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs

OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients for example IDE...

4.8 CVSS, 5.5 AI score, 0.00007 EPSS
Exploits: 0, References: 7

Snyk
added 2026/02/20 9:52 p.m., 3 views

Allocation of Resources Without Limits or Throttling

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to missing prompt-size checks in the ACP local stdio bridge. An attacker can cause reduced responsiveness and increased resource...

4.8 CVSS, 5.6 AI score, 0.00007 EPSS
Exploits: 0, References: 2

Github Security Blog
added 2026/02/20 9:52 p.m., 7 views

OpenClaw: ACP prompt-size checks missing in local stdio bridge could reduce responsiveness with very large inputs

Vulnerability: The ACP bridge accepted very large prompt text blocks and could assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affects local ACP clients (for example, IDE integrations) that send unusually large inputs. Affected...

4.8 CVSS, 5.6 AI score, 0.00007 EPSS
Exploits: 0, References: 7, Affected Software: 1

GithubExploit
added 2026/02/17 7:45 p.m., 104 views

mcp-csharp-cmdexe-poc

MCP C# SDK cmd.exe Argument Injection PoC. Proof of concept fo...

6.1 AI score
Exploits: 0

Veracode
added 2026/01/21 9:20 a.m., 4 views

Command Injection

github.com/tencent/weknora is vulnerable to command injection. The vulnerability is due to improper validation of user-supplied stdioconfig.command and args in MCP stdio settings, which allows an authenticated attacker to inject arbitrary commands and cause the server to execute malicious...

9.9 CVSS, 6.1 AI score, 0.00307 EPSS
Exploits: 1, References: 4, Affected Software: 1

SUSE CVE
added 2026/01/17 12:24 a.m., 1 views

SUSE CVE-2026-22688

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute...

9.9 CVSS, 7.7 AI score, 0.00307 EPSS
Exploits: 1, References: 2

RedhatCVE
added 2026/01/13 10:52 p.m., 2 views

CVE-2026-22688

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute...

9.9 CVSS, 7.6 AI score, 0.00307 EPSS
Exploits: 1, References: 1

NVD
added 2026/01/12 7:16 p.m., 7 views

CVE-2026-22252

LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This vulnerability is fix...

9.9 CVSS, 0.00064 EPSS
Exploits: 4, References: 2

CVE
added 2026/01/12 6:1 p.m., 17 views

CVE-2026-22252

LibreChat MCP stdio transport before v0.8.2-rc2 accepts arbitrary shell commands via a single API request, allowing authenticated users to execute commands as root inside the container. Affected component: LibreChat MCP stdio transport. Root cause: lack of input validation in the stdio transport ...

9.9 CVSS, 6.9 AI score, 0.00064 EPSS
Exploits: 4, References: 2, Affected Software: 1

Cvelist
added 2026/01/12 6:1 p.m., 17 views

CVE-2026-22252 LibreChat MCP Stdio Remote Command Execution

LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This vulnerability is fix...

9.1 CVSS, 0.00064 EPSS
Exploits: 4, References: 2

OSV
added 2026/01/12 6:1 p.m., 3 views

CVE-2026-22252 LibreChat MCP Stdio Remote Command Execution

LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This vulnerability is fix...

9.1 CVSS, 7.2 AI score, 0.00064 EPSS
Exploits: 4, References: 4

Packet Storm
added 2026/01/12 12:0 a.m., 187 views

LibreChat MCP Remote Command Execution

LibreChat's Model Context Protocol MCP implementation contained a remote command execution vulnerability that allowed any authenticated user to execute commands as root on the Docker container. A single API request could trigger the exploit by taking advantage of the exposure of the stdio transpo...

9.9 CVSS, 7.5 AI score, 0.00064 EPSS
Exploits: 4

Snyk
added 2026/01/10 4:57 a.m., 1 views

Arbitrary Command Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Command Injection via the stdioconfig.command or stdioconfig.args parameters in MCP stdio settings. An attacker can execute arbitrary system commands by injecting malicious values into these parameters. Remediation: Upgrade...

9.9 CVSS, 7.9 AI score, 0.00307 EPSS
Exploits: 1, References: 2