Skip to main content

Awesome Cursor Mpc Server

1 CVEs product

Monthly

CVE-2026-7629 LOW POC PATCH Monitor

Command injection in awesome-cursor-mpc-server up to version 2.0.1 allows authenticated remote attackers to execute arbitrary system commands via the Code-Review Tool's runCodeReviewTool function in src/tools/codeReview.ts. The vulnerability stems from unsafe use of execSync with user-controlled input in git command construction. Publicly available exploit code exists, and a patch via PR #14 is available from the vendor, though formal release status is not confirmed.

Command Injection Awesome Cursor Mpc Server
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.7%
EPSS 1% CVSS 2.1
LOW POC PATCH Monitor

Command injection in awesome-cursor-mpc-server up to version 2.0.1 allows authenticated remote attackers to execute arbitrary system commands via the Code-Review Tool's runCodeReviewTool function in src/tools/codeReview.ts. The vulnerability stems from unsafe use of execSync with user-controlled input in git command construction. Publicly available exploit code exists, and a patch via PR #14 is available from the vendor, though formal release status is not confirmed.

Command Injection Awesome Cursor Mpc Server
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy