إرسال #747209: GitHub HarmonyOS-mcp-server v0.1.0 Command Injectionالمعلومات

عنوانGitHub HarmonyOS-mcp-server v0.1.0 Command Injection
الوصفThe `text` parameter of the `input_text` tool provided by MCP uses the `asyncio.create_subprocess_shell` function for parse. This leads to arbitrary code execution. # TimeLine January 16, 2026: Vulnerability discovered January 19, 2026: Author XixianLiang notified January 24, 2026: Author confirms the vulnerability exists
المصدر⚠️ https://github.com/scanleale/MCP_sec/blob/main/HarmonyOS-mcp-server%20RCE%20vulnerability.md
المستخدم
 Lexpl0it (UID 89340)
ارسال27/01/2026 07:03 AM (3 أشهر منذ)
الاعتدال06/02/2026 09:52 PM (11 days later)
الحالةتمت الموافقة
إدخال VulDB344766 [XixianLiang HarmonyOS-mcp-server 0.1.0 input_text تجاوز الصلاحيات]
النقاط19

التالي نظرة عامة السابق

Want to stay up to date on a daily basis?

Enable the mail alert feature now!