CVE-2026-7642 | pskill9 website-downloader up to 0.1.0 MCP Interface src/index.ts download_website outputPath os command injection

A vulnerability, which was classified as critical, has been found in pskill9 website-downloader up to 0.1.0. This affects the function download_website of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument outputPath results in os command injection.

This vulnerability was named CVE-2026-7642. The attack may be initiated remotely. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7642 | pskill9 website-downloader up to 0.1.0 MCP Interface src/index.ts download_website outputPath os command injection

Post correlati

CVE-2025-49643 | Zabbix up to 6.0.41/7.0.18/7.2.12/7.4.2 Parameter /imgstore.php amplification

CVE-2025-11812 | Reuse Builder Plugin up to 1.7 on WordPress Shortcode reuse_builder_single_post_title cross site scripting

CVE-2024-53620 | SPIP 4.3.3 Article Module Title cross site scripting

CVE-2024-11181 | wpsoul Greenshift Plugin up to 9.9.9.3 on WordPress Shortcode wp_reusable_render authorization