DesktopCommanderMCP SSRF and Resource Exhaustion
2026-06-03
ReDoS (Regular Expression Denial of Service) in wonderwhy-er DesktopCommanderMCP versions up to 0.2.38 allows authenticated remote attackers to exhaust server CPU by supplying crafted regex patterns with nested quantifiers to the start_search function in src/search-manager.ts. The unpatched code compiled user-controlled regex patterns directly into JavaScript RegExp objects without validating for catastrophic backtracking constructs, enabling partial availability degradation. A public proof-of-concept exploit exists (CVSS E:P), though the vulnerability is not listed in CISA KEV, and the CVSS 4.0 base score of 2.1 reflects its limited, low-availability impact.
Server-Side Request Forgery in wonderwhy-er DesktopCommanderMCP 0.2.37 allows low-privileged remote MCP clients to coerce the server into fetching arbitrary internal URLs via the `url` argument of the `readFileFromUrl` function in `src/tools/filesystem.ts`. The unpatched server performs no origin validation and follows HTTP redirects automatically, enabling attackers to reach RFC 1918 private networks and cloud instance metadata services (AWS/GCP/Azure at 169.254.169.254) from the server's network context. Publicly available exploit code exists (CVSS 4.0 E:P), though no CISA KEV listing is present at time of analysis.