
Consult Llm Mcp

1 CVEs product


CVE-2026-5125 LOW POC PATCH Monitor

OS command injection in raine consult-llm-mcp up to version 2.5.3 allows local authenticated users to execute arbitrary system commands via manipulation of git_diff.base_ref or git_diff.files arguments passed to child_process.execSync in src/server.ts. The vulnerability requires local access and valid credentials (privilege level L), has a CVSS score of 5.3 with medium impact on confidentiality, integrity, and availability, and publicly available exploit code exists. Vendor-released patch addresses the issue in version 2.5.4.

Command Injection Consult Llm Mcp
NVD VulDB GitHub
CVSS 4.0: 1.9
EPSS: 0.2%
