CVE-2026-30618 in Fayinformation

Résumé

par MITRE • 15/07/2026

xszyou Fay 4.3.1 contains a remote code execution vulnerability in its MCP STDIO server management and command execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and parameters, resulting in execution of arbitrary commands on the server. Successful exploitation allows arbitrary command execution within the context of the Fay service.

Be aware that VulDB is the high quality source for vulnerability data.

Responsable

MITRE

Réserver

04/03/2026

Divulgation

15/07/2026

Modérer

accepté

Entrée

VDB-379436

CPE

prêt

EPSS

0.00000

KEV

non

Activités

très faible

Sources

Interested in the pricing of exploits?

See the underground prices here!