17 matches found
CVE-2026-7416
Summary: CVE-2026-7416 affects PolarVista xcode-mcp-server 1.0.0, specifically the MCP Interface’s build_project/run_tests in src/index.ts. The vulnerability arises from manipulating the Request argument, enabling an OS command injection. The advisory notes remote feasibility and public disclosur...
CVE-2026-7416 PolarVista xcode-mcp-server MCP index.ts run_tests os command injection
A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function buildproject/runtests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched remotely. The exploit...
CVE-2026-7416 PolarVista xcode-mcp-server MCP index.ts run_tests os command injection
A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function buildproject/runtests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched remotely. The exploit...
PT-2026-36017
Name of the Vulnerable Software and Affected Versions PolarVista xcode-mcp-server version 1.0.0 Description An OS command injection issue exists in the MCP Interface component within the build project/run tests function of the src/index.ts file. This flaw allows a remote attacker to execute...
Xcode MCP Server 命令注入漏洞
Xcode MCP Server is an Xcode-integrated context-based protocol server developed by R. Huijts. Version 1.0.0 of Xcode MCP Server contains a command injection vulnerability. This vulnerability arises from the Request operation in the buildproject/runtests function within the src/index.ts file, whic...
CVE-2026-2178
A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component runlldb. The manipulation of the argument args results in command injection. It is possible to...
xcode-mcp-server vulnerable to Command Injection
A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component runlldb. The manipulation of the argument args results in command injection. It is possible to...
GHSA-84FX-PWF3-7777 xcode-mcp-server vulnerable to Command Injection
A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component runlldb. The manipulation of the argument args results in command injection. It is possible to...
Arbitrary Command Injection
Overview xcode-mcp-server is an An MCP server for Xcode integration, enabling AI assistants to interact with Xcode projects Affected versions of this package are vulnerable to Arbitrary Command Injection via the registerXcodeTools function in the runlldb component when processing the args argumen...
CVE-2026-2178
A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component runlldb. The manipulation of the argument args results in command injection. It is possible to...
CVE-2026-2178
A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component runlldb. The manipulation of the argument args results in command injection. It is possible to...
CVE-2026-2178 r-huijts xcode-mcp-server run_lldb index.ts registerXcodeTools command injection
A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component runlldb. The manipulation of the argument args results in command injection. It is possible to...
CVE-2026-2178 r-huijts xcode-mcp-server run_lldb index.ts registerXcodeTools command injection
A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component runlldb. The manipulation of the argument args results in command injection. It is possible to...
CVE-2026-2178
A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component runlldb. The manipulation of the argument args results in command injection. It is possible to...
CVE-2026-2178
A vulnerability CVE-2026-2178 affects the r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. It targets the run_lldb component, specifically the registerXcodeTools function in src/tools/xcode/index.ts, where manipulation of the args parameter enables command injection. The ...
PT-2026-7010
Name of the Vulnerable Software and Affected Versions r-huijts xcode-mcp-server versions up to f3419f00117aa9949e326f78cc940166c88f18cb Description A command injection issue exists in the registerXcodeTools function within the src/tools/xcode/index.ts file of the run lldb component. Manipulation ...
Xcode MCP Server 命令注入漏洞
Xcode MCP Server is an Xcode-compatible context protocol server developed by R. Huijts. Xcode MCP Server has a command injection vulnerability, which stems from incorrect handling of the args parameter in the src/tools/xcode/index.ts file, potentially leading to command injection...