CVE-2026-25546
HIGH
GHSA-8jx2-rhfh-q928
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input (e.g., projectPath) directly to exec(), which spawns a shell. An attacker could inject shell metacharacters like $(command) or &calc to execute arbitrary commands with the privileges of the MCP server process. This affects any tool that accepts projectPath, including create_scene, add_node, load_sprite, and others. This issue has been patched in version 0.1.1.
Analysis
Remote code execution in Godot MCP prior to version 0.1.1 results from unsafe shell command execution when processing user-supplied project paths. An unauthenticated attacker can inject shell metacharacters through multiple tools (create_scene, add_node, load_sprite, etc.) to execute arbitrary commands with the privileges of the MCP server process. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running Godot MCP and isolate affected instances from production networks; disable the executeOperation function if possible. Within 7 days: Implement network-level access controls restricting MCP server connectivity to trusted hosts only; deploy input validation and sanitization rules. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today