| Field | Value |
|---|---|
| Title | wonderwhy-er DesktopCommanderMCP 0.2.13 OS Command Injection |
| Description | Command Blocklist Bypass via Absolute Path. The command blocklist can be bypassed by specifying the absolute path to a blocked command. The extractBaseCommand function uses the entire string as the command name if it contains no spaces, failing to normalise paths to their base command name. For example, the check fails to match the blocked command sudo with the user input /usr/bin/sudo. This vulnerability allows a malicious actor to bypass the command blocklist by simply providing a full path to the command. This leads to arbitrary command execution, nullifying the security control. The severity would vary depending on the privileges of the user running the server. |
| Source | https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/218 |
| User | crem (UID 91252) |
| Submission | 10/03/2025 07:16 (6 months ago) |
| Moderation | 10/08/2025 12:53 (5 days later) |
| Status | Accepted |
| VulDB entry | 327609 [wonderwhy-er DesktopCommanderMCP up to 0.2.13 Absolute Path src/command-manager.ts extractBaseCommand os command injection] |
| Points | 20 |
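The following TypeScript is an added illustration of the defect described in the entry and of the corresponding fix; it is not code from the DesktopCommanderMCP project. `extractBaseCommandVulnerable` is a hypothetical reconstruction of the behaviour the report describes (whole string used as the command name when it contains no spaces), `extractBaseCommandHardened` reduces the first token to its basename before the blocklist lookup, and `BLOCKED_COMMANDS` is a constructed list, not the project's own.

```typescript
import * as path from "path";

// Constructed blocklist for this example; the project's real list is not on the page.
export const BLOCKED_COMMANDS: ReadonlySet<string> = new Set(["sudo", "rm", "mkfs"]);

// Hypothetical reconstruction of the reported behaviour: without a space the whole
// input is taken as the command name, so "/usr/bin/sudo" never equals "sudo".
export function extractBaseCommandVulnerable(command: string): string {
  const trimmed = command.trim();
  const spaceIdx = trimmed.indexOf(" ");
  return spaceIdx === -1 ? trimmed : trimmed.slice(0, spaceIdx);
}

// Hardened variant: take the first whitespace-separated token and strip any
// directory prefix, so "/usr/bin/sudo", "./sudo" and "sudo" all normalise to "sudo".
export function extractBaseCommandHardened(command: string): string {
  const firstToken = command.trim().split(/\s+/)[0] ?? "";
  return path.basename(firstToken);
}

// Blocklist check parameterised by the extractor, so both variants can be compared.
export function isBlocked(
  command: string,
  extractor: (c: string) => string = extractBaseCommandHardened,
): boolean {
  return BLOCKED_COMMANDS.has(extractor(command));
}

// Side-by-side comparison over constructed inputs.
export function compare(inputs: readonly string[]): Array<{ input: string; vulnerable: boolean; hardened: boolean }> {
  return inputs.map((input) => ({
    input,
    vulnerable: isBlocked(input, extractBaseCommandVulnerable),
    hardened: isBlocked(input, extractBaseCommandHardened),
  }));
}

for (const row of compare(["sudo", "/usr/bin/sudo", "/usr/bin/sudo -i", "./rm", "ls -la"])) {
  console.log(`${row.input.padEnd(20)} vulnerable=${row.vulnerable} hardened=${row.hardened}`);
}
```

Normalising to the basename closes the specific gap in the entry (a path prefix on the blocked name). A deny-list evaluated on a command string remains a weaker control than an allow-list of permitted commands, since it only matches the forms its author anticipated.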