Skip to main content

Browser Tools Mcp

1 CVEs product

Monthly

CVE-2026-7064 MEDIUM POC This Month

Remote unauthenticated attackers can inject arbitrary operating system commands through the browser-connector.ts file in AgentDeskAI browser-tools-mcp versions up to 1.2.0, leading to command execution with application privileges. The vulnerability stems from improper input sanitization in file browser processing and has been published with publicly available exploit code; the vendor has been notified but has not yet released a patch.

Command Injection Browser Tools Mcp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.2%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Remote unauthenticated attackers can inject arbitrary operating system commands through the browser-connector.ts file in AgentDeskAI browser-tools-mcp versions up to 1.2.0, leading to command execution with application privileges. The vulnerability stems from improper input sanitization in file browser processing and has been published with publicly available exploit code; the vendor has been notified but has not yet released a patch.

Command Injection Browser Tools Mcp
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy