Skip to main content

MCP Calculate Server CVE-2026-44717

| EUVDEUVD-2026-30574 CRITICAL
Code Injection (CWE-94)
2026-05-15 GitHub_M
9.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Patch available
May 15, 2026 - 18:02 EUVD
Analysis Generated
May 15, 2026 - 17:30 vuln.today

DescriptionGitHub Advisory

MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1.

AnalysisAI

Remote code execution in MCP Calculate Server versions before 0.1.1 allows unauthenticated attackers to execute arbitrary Python code via unsanitized mathematical expressions passed to eval(). The vulnerability stems from processing user-supplied math expressions without input validation, enabling injection of malicious Python code. While no public exploit or active exploitation has been identified, the network-accessible attack vector and lack of required authentication make this a critical risk for exposed instances.

Technical ContextAI

MCP Calculate Server is a mathematical calculation service implementing the MCP (Model Context Protocol) and leveraging Python's SymPy library for symbolic mathematics. The vulnerability exists in the server's expression evaluation logic, where user-provided mathematical expressions are passed directly to Python's eval() function without sanitization. This represents a classic CWE-94 (Improper Control of Generation of Code) vulnerability, where dynamic code execution capabilities are exposed to untrusted input. The CPE identifier cpe:2.3:a:611711dark:mcp_calculate_server indicates this affects the open-source project maintained by the 611711dark organization.

RemediationAI

Vendor-released patch: version 0.1.1. Organizations should immediately upgrade MCP Calculate Server to version 0.1.1 or later, which implements proper input sanitization before expression evaluation. The fix is documented in the GitHub Security Advisory at https://github.com/611711Dark/mcp_calculate_server/security/advisories/GHSA-2mgq-7rfg-rwpj. If immediate patching is not possible, consider restricting network access to the service through firewall rules or placing it behind authentication middleware, though these are temporary measures that do not eliminate the underlying code injection risk. For production deployments, implement network segmentation to limit potential lateral movement if compromise occurs.

Share

CVE-2026-44717 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy