Skip to main content

Gitpilot Mcp

1 CVEs product

Monthly

CVE-2026-6980 MEDIUM POC This Month

Remote command injection in GitPilot-MCP allows unauthenticated attackers to execute arbitrary system commands via the repo_path function in main.py. The vulnerability affects all versions up to commit 9ed9f153ba4158a2ad230ee4871b25130da29ffd, with publicly available exploit code demonstrating practical exploitation. CVSS 7.3 (High) with network vector and no authentication required indicates significant exposure, though CVSS impact ratings (L/L/L) suggest attackers may have limited privileges in command execution context.

Command Injection Gitpilot Mcp
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
1.0%
EPSS 1% CVSS 5.5
MEDIUM POC This Month

Remote command injection in GitPilot-MCP allows unauthenticated attackers to execute arbitrary system commands via the repo_path function in main.py. The vulnerability affects all versions up to commit 9ed9f153ba4158a2ad230ee4871b25130da29ffd, with publicly available exploit code demonstrating practical exploitation. CVSS 7.3 (High) with network vector and no authentication required indicates significant exposure, though CVSS impact ratings (L/L/L) suggest attackers may have limited privileges in command execution context.

Command Injection Gitpilot Mcp
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy