Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yii_command_help/yii_execute_command of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Remote OS command injection in ArtMin96 yii2-mcp-server 1.0.2 allows authenticated remote attackers to execute arbitrary operating system commands via manipulation of the yii_command_help or yii_execute_command functions in the MCP Interface component. Exploit code is publicly available, and the vendor has not yet responded to early disclosure through issue reporting.
Technical ContextAI
The yii2-mcp-server is a Model Context Protocol (MCP) interface implementation for the Yii2 framework. The vulnerability exists in src/index.ts within the MCP Interface component, specifically in the functions handling yii_command_help and yii_execute_command. CWE-78 (Improper Neutralization of Special Elements used in an OS Command) indicates that user-supplied input is not properly sanitized before being passed to OS command execution functions. This is a classic command injection flaw where special shell metacharacters (pipe, semicolon, backticks, dollar signs for variable expansion) are not escaped or validated, allowing attackers to break out of the intended command context and inject arbitrary commands.
RemediationAI
Immediate patch availability from the vendor is not confirmed; the project maintainer has not responded to the early disclosure issue. Users should: (1) Upgrade to the latest available version if one exists beyond 1.0.2 by checking the official GitHub repository at https://github.com/ArtMin96/yii2-mcp-server for recent commits or releases; (2) If no patch is available, restrict network access to the yii2-mcp-server MCP interface using firewall rules, limiting inbound connections to trusted IP ranges only; (3) Implement strict input validation and sanitization in any wrapper code that calls yii_command_help or yii_execute_command, using parameterized commands or shell argument arrays instead of string concatenation; (4) Consider replacing yii2-mcp-server with an actively maintained alternative if the maintainer does not release a security fix within 30 days; (5) Monitor the GitHub issue https://github.com/ArtMin96/yii2-mcp-server/issues/3 for vendor response or community-provided patches. Each of these controls trades off between functionality (firewall rules may block legitimate MCP clients) and effort (input validation requires code review and testing).
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26725