Mcp Server Taskwarrior

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-5833 MEDIUM POC PATCH This Month

Command injection in awwaiid mcp-server-taskwarrior up to version 1.0.1 allows local authenticated attackers to execute arbitrary system commands via manipulation of the Identifier argument in the server.setRequestHandler function of index.ts. Publicly available exploit code exists, and the vendor has released a patched version following responsible disclosure practices. This is a locally-exploitable vulnerability requiring authenticated access with moderate CVSS severity (5.3), but the presence of public exploit code and low attack complexity elevates practical risk.

Command Injection Node.js Mcp Server Taskwarrior
NVD VulDB GitHub
CVSS 4.0
4.8
EPSS
0.2%
CVE-2026-5833
EPSS 0% CVSS 4.8
MEDIUM POC PATCH This Month

Command injection in awwaiid mcp-server-taskwarrior up to version 1.0.1 allows local authenticated attackers to execute arbitrary system commands via manipulation of the Identifier argument in the server.setRequestHandler function of index.ts. Publicly available exploit code exists, and the vendor has released a patched version following responsible disclosure practices. This is a locally-exploitable vulnerability requiring authenticated access with moderate CVSS severity (5.3), but the presence of public exploit code and low attack complexity elevates practical risk.

Command Injection Node.js Mcp Server Taskwarrior
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy