CVE-2026-2178 | r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb run_lldb src/tools/xcode/index.ts registerXcodeTools args command injection (Issue 13)

A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb and classified as critical. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component run_lldb. The manipulation of the argument args results in command injection.

This vulnerability is known as CVE-2026-2178. It is possible to launch the attack remotely. Furthermore, an exploit is available.

This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. Applying a patch is advised to resolve this issue.

CVE-2026-2178 | r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb run_lldb src/tools/xcode/index.ts registerXcodeTools args command injection (Issue 13)

Post correlati

CVE-2025-6342 | code-projects Online Shoe Store 1.0 admin_football.php pid sql injection

CVE-2024-42367 | aio-libs aiohttp up to 3.10.1 symlink (GHSA-jwhx-xcg6-8xhj)

CVE-2024-2768 | Campcodes Complete Online Beauty Parlor Management System 1.0 /admin/edit-services.php editid sql injection

CVE-2024-5863 | Easy Image Collage Plugin up to 1.13.5 on WordPress authorization