Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A weakness has been identified in dvladimirov MCP up to 0.1.0. The impacted element is the function GitSearchRequest of the file mcp_server.py of the component Git Search API. Executing a manipulation of the argument repo_url/pattern can lead to command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Command injection in dvladimirov MCP up to version 0.1.0 allows remote unauthenticated attackers to execute arbitrary system commands via manipulation of the repo_url or pattern arguments in the GitSearchRequest function of mcp_server.py. The vulnerability has a publicly available exploit and CVSS 6.9 score indicating moderate severity with network-accessible attack vector and low complexity, though the vendor has not responded to the early disclosure.
Technical ContextAI
The dvladimirov MCP project implements a Git Search API component in mcp_server.py. The GitSearchRequest function processes user-supplied input parameters (repo_url and pattern) without proper sanitization before passing them to system command execution. This is a classical OS command injection vulnerability (CWE-74: Improper Neutralization of Special Elements used in an OS Command) where user input is directly concatenated into shell commands without escaping or parameterized execution. The vulnerability affects the Git Search API interface which is exposed remotely, making it accessible over the network to unauthenticated users.
RemediationAI
No vendor-released patch identified at time of analysis. Immediate mitigations include: (1) disable or restrict network access to the Git Search API endpoint in mcp_server.py to trusted networks only via firewall rules or authentication reverse proxy, reducing attack vector from AV:N to AV:L; (2) implement strict input validation and sanitization for repo_url and pattern parameters using allowlisting (only permit alphanumeric characters, forward slashes, and hyphens for repo URLs; reject shell metacharacters like |, &, ;, $, `, backticks); (3) refactor GitSearchRequest to use parameterized subprocess execution (subprocess.run with list arguments and shell=False) instead of shell-based command construction, which eliminates OS command injection risk entirely; (4) run the MCP service with minimal privileges (dedicated non-root user account) to limit impact of successful code execution. Monitor https://github.com/dvladimirov/MCP/ for security updates. If input validation is deployed, test thoroughly with fuzzing to confirm shell metacharacter rejection.
Same technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25964