Godot Mcp

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-25546 HIGH PATCH This Week

Remote code execution in Godot MCP prior to version 0.1.1 results from unsafe shell command execution when processing user-supplied project paths. An unauthenticated attacker can inject shell metacharacters through multiple tools (create_scene, add_node, load_sprite, etc.) to execute arbitrary commands with the privileges of the MCP server process. No patch is currently available for affected deployments.

RCE Command Injection Godot Mcp

NVD GitHub VulDB

CVSS 3.1

7.8

EPSS

0.0%

CVE-2026-25546

EPSS 0% CVSS 7.8

HIGH PATCH This Week

Remote code execution in Godot MCP prior to version 0.1.1 results from unsafe shell command execution when processing user-supplied project paths. An unauthenticated attacker can inject shell metacharacters through multiple tools (create_scene, add_node, load_sprite, etc.) to execute arbitrary commands with the privileges of the MCP server process. No patch is currently available for affected deployments.

RCE Command Injection Godot Mcp

NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy