Mcp Server Rijksmuseum
Monthly
Remote authenticated command injection in r-huijts mcp-server-rijksmuseum up to version 1.0.4 allows attackers with login credentials to execute arbitrary OS commands via manipulation of the imageUrl argument in the open_image_in_browser function. The vulnerability has publicly available exploit code and the vendor has not yet responded to early disclosure.
Remote authenticated command injection in r-huijts mcp-server-rijksmuseum up to version 1.0.4 allows attackers with login credentials to execute arbitrary OS commands via manipulation of the imageUrl argument in the open_image_in_browser function. The vulnerability has publicly available exploit code and the vendor has not yet responded to early disclosure.