CVE-2026-10661 | ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b server.py open input_image_url injection (Issue 202)

A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. It has been rated as critical. Impacted is the function Open of the file src/blender_mcp/server.py. The manipulation of the argument input_image_url leads to injection.

This vulnerability is referenced as CVE-2026-10661. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. To fix this issue, it is recommended to deploy a patch.

CVE-2026-10661 | ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b server.py open input_image_url injection (Issue 202)

Post correlati

CVE-2025-14336 | itsourcecode Student Management System 1.0 /promote.php sy sql injection

CVE-2024-8792 | Subscribe to Comments Plugin up to 2.3 on WordPress cross site scripting

CVE-2024-43044 | Jenkins prior LTS 2.452.3/2.470 Agent Process ClassLoaderProxy#fetchJar information disclosure

CVE-2026-9704 | Keycloak on Red Hat JSON Web Token subject_token improper validation of specified quantity in input