| Title | awwaiid mcp-server-taskwarrior <=1.0.1 Command Injection |
|---|
| Description | A command injection vulnerability exists in awwaiid/mcp-server-taskwarrior due to unsafe use of child_process.execSync when constructing TaskWarrior CLI commands with user-controlled input. Successful exploitation allows attackers to execute arbitrary shell commands with the privileges of the MCP server process. |
|---|
| Source | ⚠️ https://github.com/awwaiid/mcp-server-taskwarrior/issues/8 |
|---|
| User | Yinci Chen (UID 94659) |
|---|
| Submission | 03/26/2026 07:45 (17 days ago) |
|---|
| Moderation | 04/08/2026 19:15 (13 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 356289 [awwaiid mcp-server-taskwarrior up to 1.0.1 index.ts server.setRequestHandler Identifier command injection] |
|---|
| Points | 19 |
|---|