| Título | efforthye fast-filesystem-mcp <= 3.5.1 Command Injection |
|---|
| Descrição | A command injection vulnerability exists in efforthye/fast-filesystem-mcp due to unsafe use of child_process.execAsync when constructing shell commands with user-controlled input. Successful exploitation allows attackers to execute arbitrary shell commands with the privileges of the MCP server process. |
|---|
| Fonte | ⚠️ https://github.com/efforthye/fast-filesystem-mcp/issues/15 |
|---|
| Utilizador | Yinci Chen (UID 94659) |
|---|
| Submissão | 16/03/2026 12h39 (há 21 dias) |
|---|
| Moderação | 01/04/2026 15h27 (16 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 354658 [efforthye fast-filesystem-mcp até 3.5.1 src/index.ts handleGetDiskUsage Elevação de Privilégios] |
|---|
| Pontos | 18 |
|---|