Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start_search. Performing a manipulation of the argument SearchResult[] results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.2.39 will fix this issue. The patch is named 4ce845f8749b6a159b57b38dcc3357f7222a8078. It is suggested to upgrade the affected component.
Articles & Coverage 1
AnalysisAI
ReDoS (Regular Expression Denial of Service) in wonderwhy-er DesktopCommanderMCP versions up to 0.2.38 allows authenticated remote attackers to exhaust server CPU by supplying crafted regex patterns with nested quantifiers to the start_search function in src/search-manager.ts. The unpatched code compiled user-controlled regex patterns directly into JavaScript RegExp objects without validating for catastrophic backtracking constructs, enabling partial availability degradation. A public proof-of-concept exploit exists (CVSS E:P), though the vulnerability is not listed in CISA KEV, and the CVSS 4.0 base score of 2.1 reflects its limited, low-availability impact.
Technical ContextAI
DesktopCommanderMCP is a Model Context Protocol (MCP) server that grants Claude AI access to terminal commands and filesystem operations on a host desktop. The vulnerable component is src/search-manager.ts, which handles file-content and filename searching via the start_search tool. Prior to v0.2.39, the function accepted a user-supplied pattern string and compiled it directly into a JavaScript RegExp object with no pre-validation. JavaScript's regex engine employs backtracking, and certain pattern constructs - nested quantifiers such as (a+)+ or (a*)*, and overlapping alternations like (a|a)+ - exhibit exponential time complexity when matched against specially crafted input strings, a class of flaw described by CWE-400 (Uncontrolled Resource Consumption). The fix, visible in commit 4ce845f8749b6a159b57b38dcc3357f7222a8078, introduces isSafeRegex() to statically detect and reject dangerous nested-quantifier patterns, and buildSafeRegex() to fall back to escaped literal-string matching when such patterns are supplied, eliminating the backtracking exposure.
RemediationAI
Upgrade to DesktopCommanderMCP v0.2.39, which resolves the vulnerability by introducing isSafeRegex() and buildSafeRegex() helper functions that validate patterns for nested quantifiers and overlapping alternations before RegExp compilation, falling back to escaped literal matching when dangerous constructs are detected. The patched release is available at https://github.com/wonderwhy-er/DesktopCommanderMCP/releases/tag/v0.2.39 and corresponds to commit 4ce845f8749b6a159b57b38dcc3357f7222a8078. If immediate upgrade is not feasible, restrict access to the MCP server's search tool to a minimal set of highly trusted authenticated users via network-level controls or MCP server configuration - since PR:L authentication is already required, tightening this to admin-only sessions or applying firewall rules that limit which clients can issue search calls substantially reduces residual exposure with minimal operational impact. Note that disabling the search feature entirely is also an option if it is not operationally critical, as this eliminates the attack surface without side effects to other MCP tool capabilities.
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34056
GHSA-r87g-78mx-3wg4