Forgecode
Monthly
Arbitrary code execution in ForgeCode (tailcallhq/forgecode), an AI pair-programming CLI, occurs because the tool auto-loads and honors a repository's project-local .mcp.json at startup without asking the user. A malicious repository can define mcpServers entries with arbitrary command/args (e.g. bash -c), so simply running the forge CLI inside a cloned untrusted repo spawns attacker-chosen commands as the invoking developer. Reported by VulnCheck with a vendor patch available; no public exploit tool is identified at time of analysis, though the CVE description itself embeds a working payload example.
Arbitrary code execution in ForgeCode (tailcallhq/forgecode), an AI pair-programming CLI, occurs because the tool auto-loads and honors a repository's project-local .mcp.json at startup without asking the user. A malicious repository can define mcpServers entries with arbitrary command/args (e.g. bash -c), so simply running the forge CLI inside a cloned untrusted repo spawns attacker-chosen commands as the invoking developer. Reported by VulnCheck with a vendor patch available; no public exploit tool is identified at time of analysis, though the CVE description itself embeds a working payload example.