CVE-2026-7628 | crazyrabbitLTC mcp-code-review-server up to 0.1.0 RepoMix Command src/repomix.ts executeRepomix command injection

A vulnerability has been found in crazyrabbitLTC mcp-code-review-server up to 0.1.0 and classified as critical. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. Performing a manipulation results in command injection.

This vulnerability was named CVE-2026-7628. The attack may be initiated remotely. In addition, an exploit is available.

The project was informed of the problem early through a pull request but has not reacted yet.

CVE-2026-7628 | crazyrabbitLTC mcp-code-review-server up to 0.1.0 RepoMix Command src/repomix.ts executeRepomix command injection

Post correlati

CVE-2024-33612 | F5 BIG-IP Next Central Manager up to 20.1.0 certificate validation (K000139012)

CVE-2025-4969 | libsoup soup-multipart.c find_boundary out-of-bounds

CVE-2026-3843 | Nefteprodukttekhnika BUK TS-G Gas Station Automation System up to 2.10.1 on Linux sql injection

CVE-2024-4367 | Mozilla Thunderbird up to 115.10 PDF.js type conversion (Bug 1893645)