CVE-2026-7446 in mcp-server-semgrepthông tin

Tóm tắt

Bởi MITRE • 30/04/2026

A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyze_results/filter_results/export_results/compare_results/scan_directory/create_rule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command injection. The attack can be executed remotely. The exploit is now public and may be used. Upgrading to version 1.0.1 is able to mitigate this issue. The patch is identified as 141335da044e53c3f5b315e0386e01238405b771. It is advisable to upgrade the affected component.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

chịu trách nhiệm

VulDB

Tiết lộ

30/04/2026

Kiểm duyệt

được chấp nhận

mục

VDB-360187

CPE

sẵn sàng

CWE

CWE-78 (Đã xác nhận)

Khai thác

Tải xuống

CVSS

7.3 (VulDB)

EPSS

0.01738

KEV

không

Các hoạt động

rất thấp

ngành

Finance, Industry, ...

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-7446
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-7446
CVE Details	https://www.cvedetails.com/cve/CVE-2026-7446/

◂ Trước Tổng Quan Tiếp theo ▸

Do you need the next level of professionalism?

Upgrade your account now!