CVE-2026-1977 | isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61 visualize_data eval vegalite_specification code injection

A vulnerability classified as critical was found in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualize_data. Such manipulation of the argument vegalite_specification leads to code injection.

This vulnerability is listed as CVE-2026-1977. The attack may be performed from remote. In addition, an exploit is available.

This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-1977 | isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61 visualize_data eval vegalite_specification code injection

Post correlati

CVE-2024-6150 | Citrix Provisioning denial of service (CTX678025)

CVE-2024-6401 | SFS Consulting InsureE GL up to 4.6.1 sql injection

CVE-2024-54764 | ipTIME A2004 12.17.0 /login/hostinfo2.cgi information disclosure

CVE-2021-4439 | Linux Kernel up to 5.14.14 isdn kcapi.c cmtp_add_connection array index