CVE-2026-4199 | bazinga012 mcp_code_executor up to 0.3.0 src/index.ts installDependencies command injection

A vulnerability was found in bazinga012 mcp_code_executor up to 0.3.0 and classified as critical. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command injection.

This vulnerability is referenced as CVE-2026-4199. The attack can only be performed from a local environment. Furthermore, an exploit is available.

It is best practice to apply a patch to resolve this issue.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-4199 | bazinga012 mcp_code_executor up to 0.3.0 src/index.ts installDependencies command injection

Post correlati

CVE-2022-45851 | ShareThis Dashboard for Google Analytics Plugin up to 3.1.4 on WordPress authorization

CVE-2025-30990 | ThemeHunk Plugin up to 1.1.1 on WordPress authorization

CVE-2025-53762 | Microsoft Purview permissive list of allowed inputs

CVE-2025-31207 | Apple iOS/iPadOS up to 18.4 information disclosure