Enviar #747209: GitHub HarmonyOS-mcp-server v0.1.0 Command Injectioninformación

TítuloGitHub HarmonyOS-mcp-server v0.1.0 Command Injection
DescripciónThe `text` parameter of the `input_text` tool provided by MCP uses the `asyncio.create_subprocess_shell` function for parse. This leads to arbitrary code execution. # TimeLine January 16, 2026: Vulnerability discovered January 19, 2026: Author XixianLiang notified January 24, 2026: Author confirms the vulnerability exists
Fuente⚠️ https://github.com/scanleale/MCP_sec/blob/main/HarmonyOS-mcp-server%20RCE%20vulnerability.md
Usuario
 Lexpl0it (UID 89340)
Sumisión2026-01-27 07:03 (hace 3 meses)
Moderación2026-02-06 21:52 (11 days later)
EstadoAceptado
Entrada de VulDB344766 [XixianLiang HarmonyOS-mcp-server 0.1.0 input_text escalada de privilegios]
Puntos19

AnteriorVisión De ConjuntoPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!