
Magento2 Dev Mcp

1 CVEs product


CVE-2026-5603 npm LOW POC PATCH GHSA Monitor

OS command injection in elgentos magento2-dev-mcp up to version 1.0.2 allows local authenticated users to execute arbitrary system commands through the executeMagerun2Command function in src/index.ts. The vulnerability requires local access and valid user privileges but grants low-impact code execution capabilities. Publicly available exploit code exists, and a vendor-released patch is available.

Command Injection Magento2 Dev Mcp
NVD VulDB GitHub
CVSS 4.0: 1.9
EPSS: 0.1%
