Skip to main content

DesktopCommanderMCP CVE-2026-10691

| EUVDEUVD-2026-34056 LOW
Uncontrolled Resource Consumption (CWE-400)
2026-06-03 cna@vuldb.com GHSA-r87g-78mx-3wg4
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 03, 2026 - 00:27 vuln.today
Analysis Generated
Jun 03, 2026 - 00:27 vuln.today

DescriptionCVE.org

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start_search. Performing a manipulation of the argument SearchResult[] results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.2.39 will fix this issue. The patch is named 4ce845f8749b6a159b57b38dcc3357f7222a8078. It is suggested to upgrade the affected component.

AnalysisAI

ReDoS (Regular Expression Denial of Service) in wonderwhy-er DesktopCommanderMCP versions up to 0.2.38 allows authenticated remote attackers to exhaust server CPU by supplying crafted regex patterns with nested quantifiers to the start_search function in src/search-manager.ts. The unpatched code compiled user-controlled regex patterns directly into JavaScript RegExp objects without validating for catastrophic backtracking constructs, enabling partial availability degradation. A public proof-of-concept exploit exists (CVSS E:P), though the vulnerability is not listed in CISA KEV, and the CVSS 4.0 base score of 2.1 reflects its limited, low-availability impact.

Technical ContextAI

DesktopCommanderMCP is a Model Context Protocol (MCP) server that grants Claude AI access to terminal commands and filesystem operations on a host desktop. The vulnerable component is src/search-manager.ts, which handles file-content and filename searching via the start_search tool. Prior to v0.2.39, the function accepted a user-supplied pattern string and compiled it directly into a JavaScript RegExp object with no pre-validation. JavaScript's regex engine employs backtracking, and certain pattern constructs - nested quantifiers such as (a+)+ or (a*)*, and overlapping alternations like (a|a)+ - exhibit exponential time complexity when matched against specially crafted input strings, a class of flaw described by CWE-400 (Uncontrolled Resource Consumption). The fix, visible in commit 4ce845f8749b6a159b57b38dcc3357f7222a8078, introduces isSafeRegex() to statically detect and reject dangerous nested-quantifier patterns, and buildSafeRegex() to fall back to escaped literal-string matching when such patterns are supplied, eliminating the backtracking exposure.

RemediationAI

Upgrade to DesktopCommanderMCP v0.2.39, which resolves the vulnerability by introducing isSafeRegex() and buildSafeRegex() helper functions that validate patterns for nested quantifiers and overlapping alternations before RegExp compilation, falling back to escaped literal matching when dangerous constructs are detected. The patched release is available at https://github.com/wonderwhy-er/DesktopCommanderMCP/releases/tag/v0.2.39 and corresponds to commit 4ce845f8749b6a159b57b38dcc3357f7222a8078. If immediate upgrade is not feasible, restrict access to the MCP server's search tool to a minimal set of highly trusted authenticated users via network-level controls or MCP server configuration - since PR:L authentication is already required, tightening this to admin-only sessions or applying firewall rules that limit which clients can issue search calls substantially reduces residual exposure with minimal operational impact. Note that disabling the search feature entirely is also an option if it is not operationally critical, as this eliminates the attack surface without side effects to other MCP tool capabilities.

Share

CVE-2026-10691 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy