Skip to main content

Stata Mcp

1 CVEs product

Monthly

CVE-2026-31040 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution via command injection in stata-mcp versions before 1.13.0 allows unauthenticated attackers to execute arbitrary commands through insufficiently validated Stata do-file content. The vulnerability stems from CWE-94 improper control of code generation, enabling network-accessible exploitation without user interaction. CVSS 9.8 (Critical) reflects complete compromise of confidentiality, integrity, and availability. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.02%, percentile 6%).

RCE Code Injection Stata Mcp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution via command injection in stata-mcp versions before 1.13.0 allows unauthenticated attackers to execute arbitrary commands through insufficiently validated Stata do-file content. The vulnerability stems from CWE-94 improper control of code generation, enabling network-accessible exploitation without user interaction. CVSS 9.8 (Critical) reflects complete compromise of confidentiality, integrity, and availability. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.02%, percentile 6%).

RCE Code Injection Stata Mcp
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy