Skip to main content

Website Downloader

1 CVEs product

Monthly

CVE-2026-7642 LOW POC Monitor

OS command injection in pskill9 website-downloader through 0.1.0 allows authenticated remote attackers to execute arbitrary system commands by manipulating the outputPath argument in the download_website function of the MCP Interface. Publicly available exploit code exists, though the low CVSS score (2.1) reflects required authentication and limited scope of impact; the vulnerability remains relevant for deployments where the MCP Interface is exposed to untrusted authenticated users.

Command Injection Website Downloader
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.7%
EPSS 1% CVSS 2.1
LOW POC Monitor

OS command injection in pskill9 website-downloader through 0.1.0 allows authenticated remote attackers to execute arbitrary system commands by manipulating the outputPath argument in the download_website function of the MCP Interface. Publicly available exploit code exists, though the low CVSS score (2.1) reflects required authentication and limited scope of impact; the vulnerability remains relevant for deployments where the MCP Interface is exposed to untrusted authenticated users.

Command Injection Website Downloader
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy