Skip to main content

Mcp Code Executor CVE-2026-4199

| EUVD-2026-12269 LOW
Command Injection (CWE-77)
2026-03-16 VulDB
Command Injection Mcp Code Executor
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

8
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
4.8 (MEDIUM) 1.9 (LOW)
CVSS changed
Apr 22, 2026 - 21:37 NVD
5.3 (MEDIUM) 4.8 (MEDIUM)
PoC Detected
Mar 16, 2026 - 14:53 vuln.today
Public exploit code
EUVD ID Assigned
Mar 16, 2026 - 01:00 euvd
EUVD-2026-12269
Analysis Generated
Mar 16, 2026 - 01:00 vuln.today
Patch released
Mar 16, 2026 - 01:00 nvd
Patch available
CVE Published
Mar 16, 2026 - 00:02 nvd
MEDIUM 5.3

DescriptionCVE.org

A vulnerability was identified in bazinga012 mcp_code_executor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command injection. The attack can only be performed from a local environment. The exploit is publicly available and might be used. It is best practice to apply a patch to resolve this issue. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Command injection in bazinga012 mcp_code_executor up to version 0.3.0 allows local attackers with user-level privileges to execute arbitrary commands through the installDependencies function in src/index.ts. Public exploit code exists for this vulnerability, affecting Python and Node.js environments. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment While the CVSS 3.1 score of 5.3 indicates medium severity with low attack complexity and low privilege requirements, the real-world risk profile requires nuanced assessment. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A developer with local system access runs the mcp_code_executor tool and supplies a maliciously crafted package name to the installDependencies function—for example, a name containing shell metacharacters such as 'package; rm -rf /' or backticks executing arbitrary commands. Because the function does not properly escape or parameterize the input before executing shell commands, the injected commands execute with the privilege level of the process running the tool. …
Remediation Immediately cease usage of mcp_code_executor versions 0.3.0 and earlier until a patched version is released. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 30 days: Identify affected systems running bazinga012 mcp_code_executor and apply vendor patches as part of regular patch cycle. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-4199 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy