4 matches found
CVE-2026-53766
Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath enforces workspace roots by checking whether path.resolvefilePath textually falls under one of the configured root paths. path.resolve...
CVE-2026-53766 chrome-devtools-mcp: validatePath() does not canonicalize symlinks before enforcing roots
Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath enforces workspace roots by checking whether path.resolvefilePath textually falls under one of the configured root paths. path.resolve...
GHSA-RWC2-F344-Q6W6 serverless MCP Server vulnerable to Command Injection in list-projects tool
Summary A command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This vulnerability only affects users of the experimental MCP server feature serverless mcp, which represents less than 0.1% of Serverless Framework users. The core Serverle...
serverless MCP Server vulnerable to Command Injection in list-projects tool
Summary A command injection vulnerability exists in the Serverless Framework's built-in MCP server package @serverless/mcp. This vulnerability only affects users of the experimental MCP server feature serverless mcp, which represents less than 0.1% of Serverless Framework users. The core Serverle...