CVE-2026-10691 in DesktopCommanderMCPinfo

Summary

by MITRE • 06/03/2026

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start_search. Performing a manipulation of the argument SearchResult[] results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.2.39 will fix this issue. The patch is named 4ce845f8749b6a159b57b38dcc3357f7222a8078. It is suggested to upgrade the affected component.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

VulDB

Disclosure

06/03/2026

Moderation

accepted

Entry

VDB-367960

CPE

ready

CWE

CWE-1333 (confirmed)

Exploit

Download

CVSS

4.3 (VulDB)

EPSS

0.00060

KEV

Activities

very low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-10691
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-10691
CVE Details	https://www.cvedetails.com/cve/CVE-2026-10691/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!