Skip to main content

Code Mcp

2 CVEs product

Monthly

CVE-2026-7812 MEDIUM POC This Month

Command injection in code-mcp's git_operation function allows remote attackers to execute arbitrary system commands by manipulating the operation argument. The vulnerability affects all versions up to commit 4cfc4643541a110c906d93635b391bf7e357f4a8 and has publicly available exploit code. Continuous delivery model means no versioned releases exist, complicating patching timelines.

Command Injection Code Mcp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
1.0%
CVE-2026-7811 MEDIUM POC This Month

Path traversal vulnerability in 54yyyu code-mcp's MCP File Handler (function is_safe_path in src/code_mcp/server.py) allows remote unauthenticated attackers to access files outside intended directories with low confidentiality, integrity, and availability impact. Publicly available exploit code exists; the project uses rolling releases without versioned releases, and the vendor has not yet responded to early disclosure.

Path Traversal Code Mcp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
EPSS 1% CVSS 5.5
MEDIUM POC This Month

Command injection in code-mcp's git_operation function allows remote attackers to execute arbitrary system commands by manipulating the operation argument. The vulnerability affects all versions up to commit 4cfc4643541a110c906d93635b391bf7e357f4a8 and has publicly available exploit code. Continuous delivery model means no versioned releases exist, complicating patching timelines.

Command Injection Code Mcp
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Path traversal vulnerability in 54yyyu code-mcp's MCP File Handler (function is_safe_path in src/code_mcp/server.py) allows remote unauthenticated attackers to access files outside intended directories with low confidentiality, integrity, and availability impact. Publicly available exploit code exists; the project uses rolling releases without versioned releases, and the vendor has not yet responded to early disclosure.

Path Traversal Code Mcp
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy