Desktopcommandermcp: 3 CVEs

CVE-2025-11491 (severity: LOW; public POC available)

OS command injection in DesktopCommanderMCP up to version 0.2.13 allows authenticated remote attackers to execute arbitrary system commands via manipulation of the CommandManager function in src/command-manager.ts. The vulnerability has a low CVSS score (2.1) because it requires authentication and has limited scope. Publicly available exploit code exists, but the low EPSS score (0.14th percentile) suggests that real-world exploitation risk is minimal despite the public POC.

Tags: Command Injection; Product: Desktopcommandermcp
References: NVD, GitHub, VulDB
CVSS 4.0: 2.1
EPSS: 0.1%
CVE-2025-11490 (severity: LOW; public POC available)

OS command injection in DesktopCommanderMCP up to version 0.2.13 allows authenticated remote attackers to execute arbitrary operating system commands via the extractBaseCommand function in src/command-manager.ts when it processes absolute file paths. The vulnerability requires authentication and has a limited real-world impact scope, reflected in a low CVSS score of 2.1 and an EPSS of 0.15%. Publicly available exploit code exists, and the vendor acknowledges that the issue remains unfixed pending real-world incident reports.

Tags: Command Injection; Product: Desktopcommandermcp
References: NVD, GitHub, VulDB
CVSS 4.0: 2.1
EPSS: 0.1%
CVE-2025-11489 (severity: LOW; public POC available)

Symlink following in DesktopCommanderMCP up to version 0.2.13 allows local authenticated attackers to read files outside the intended directory boundaries through the isPathAllowed function in filesystem.ts. The vulnerability requires local access and authenticated user privileges and has high attack complexity, although proof-of-concept code is publicly available and the exploit itself is not difficult. It affects only unsupported product versions and carries minimal real-world risk (CVSS 1.1, EPSS 0.02%); the vendor describes the affected check as a guardrail limitation rather than a hardened security boundary.

Tags: Docker, Information Disclosure; Product: Desktopcommandermcp
References: NVD, GitHub, VulDB
CVSS 4.0: 1.1
EPSS: 0.0%
