Skip to main content

Mcp Calculate Server

1 CVEs product

Monthly

CVE-2026-44717 CRITICAL PATCH Act Now

Remote code execution in MCP Calculate Server versions before 0.1.1 allows unauthenticated attackers to execute arbitrary Python code via unsanitized mathematical expressions passed to eval(). The vulnerability stems from processing user-supplied math expressions without input validation, enabling injection of malicious Python code. While no public exploit or active exploitation has been identified, the network-accessible attack vector and lack of required authentication make this a critical risk for exposed instances.

RCE Code Injection Mcp Calculate Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in MCP Calculate Server versions before 0.1.1 allows unauthenticated attackers to execute arbitrary Python code via unsanitized mathematical expressions passed to eval(). The vulnerability stems from processing user-supplied math expressions without input validation, enabling injection of malicious Python code. While no public exploit or active exploitation has been identified, the network-accessible attack vector and lack of required authentication make this a critical risk for exposed instances.

RCE Code Injection Mcp Calculate Server
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy