Skip to main content

Quip Mcp Server CVE-2026-4192

| EUVDEUVD-2026-12255 LOW
Command Injection (CWE-77)
2026-03-15 VulDB
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

7
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
5.3 (MEDIUM) 2.1 (LOW)
CVSS changed
Apr 22, 2026 - 21:37 NVD
6.3 (MEDIUM) 5.3 (MEDIUM)
PoC Detected
Mar 16, 2026 - 14:53 vuln.today
Public exploit code
EUVD ID Assigned
Mar 15, 2026 - 21:00 euvd
EUVD-2026-12255
Analysis Generated
Mar 15, 2026 - 21:00 vuln.today
CVE Published
Mar 15, 2026 - 20:32 nvd
MEDIUM 6.3

DescriptionCVE.org

A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Remote command injection in Quip MCP Server 1.0.0 allows authenticated attackers to execute arbitrary system commands through the setupToolHandlers function in src/index.ts. Public exploit code exists for this vulnerability, and the developers have not yet released a patch despite early notification. The attack requires valid credentials but can be performed over the network with no user interaction needed.

Technical ContextAI

The vulnerability is a command injection flaw (CWE-77: Improper Neutralization of Special Elements used in a Command) in the quip-mcp-server application, which appears to be an MCP (Model Context Protocol) server implementation. The affected code path is the setupToolHandlers function in src/index.ts, which likely constructs and executes system commands without proper input sanitization. The CPE identifier (cpe:2.3:a:avinashbole:quip-mcp-server:*:*:*:*:*:*:*:*) indicates this affects the quip-mcp-server application across all versions, with confirmed impact on version 1.0.0. MCP servers often interact with external systems or execute tool handlers that may invoke shell commands, creating a natural attack surface if user-supplied input is incorporated into command construction without escaping.

RemediationAI

Immediate Actions: (1) If using quip-mcp-server 1.0.0, evaluate whether the application handles untrusted user input in the setupToolHandlers function; (2) Restrict network access to the MCP server to trusted internal networks only; (3) Implement authentication and authorization controls to limit who can interact with tool handlers. Patch Status: No official patch version is currently available from the vendor. Workarounds: (1) Implement input validation and sanitization in any code calling setupToolHandlers to strip or escape shell metacharacters; (2) Use allowlists for permitted commands rather than constructing dynamic commands; (3) Run the MCP server with minimal privileges (non-root user, restricted file permissions); (4) Use OS-level sandboxing or containers to limit blast radius of command injection. Monitoring: Monitor for evidence of exploitation by auditing process execution and command-line arguments on systems running quip-mcp-server. References for updates: https://github.com/AvinashBole/quip-mcp-server/issues/4 (issue tracker) and https://vuldb.com/?id.351099 (VulDB entry).

Share

CVE-2026-4192 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy