CVE-2026-10279 | hiraishikentaro wezterm-mcp 0.1.0 switch_pane/write_to_specific_pane src/wezterm_executor.ts request.params.arguments.pane_id os command injection

A vulnerability, which was classified as critical, has been found in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/wezterm_executor.ts of the component switch_pane/write_to_specific_pane. The manipulation of the argument request.params.arguments.pane_id leads to os command injection.

This vulnerability is documented as CVE-2026-10279. The attack can be initiated remotely. Additionally, an exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-10279 | hiraishikentaro wezterm-mcp 0.1.0 switch_pane/write_to_specific_pane src/wezterm_executor.ts request.params.arguments.pane_id os command injection

Post correlati

CVE-2024-30162 | Invision Community up to 4.7.16 toolbar.php _toolbar::addPlugin Privilege Escalation

CVE-2025-12740 | Google Looker up to 25.0.92/25.6.83/25.12.41/25.14.49/25.16.43 input validation (gcp-2025-052)

CVE-2025-1800 | D-Link DAR-7000 3.2 HTTP POST Request sxh_vpnlic.php get_ip_addr_details ethname command injection

CVE-2025-52919 | Yealink YMCS RPS prior 2025-05-26 Certificate Upload certificate validation