CVE-2026-3680 | RyuzakiShinji biome-mcp-server up to 1.0.0 biome-mcp-server.ts command injection

Inserito da Angelo Barbosa | Mar 6, 2026 | CVE

A vulnerability, which was classified as critical, has been found in RyuzakiShinji biome-mcp-server up to 1.0.0. Affected by this issue is some unknown functionality of the file biome-mcp-server.ts. Performing a manipulation results in command injection.

This vulnerability is identified as CVE-2026-3680. The attack can be initiated remotely. Additionally, an exploit exists.

Applying a patch is the recommended action to fix this issue.

CVE-2026-3680 | RyuzakiShinji biome-mcp-server up to 1.0.0 biome-mcp-server.ts command injection

Post correlati

CVE-2024-39490 | Linux Kernel up to 5.15.160/6.1.92/6.6.32/6.9.3 ipv6 seg6_input_core memory leak

CVE-2023-49801 | Lif-Platforms Lif-Auth-Server up to 1.3.x get_pfp/get_banner path traversal (GHSA-3v77-pvqq-qg3f)

CVE-2025-40939 | Siemens SIMATIC CN 4100 up to 4.0.0 USB Port access control (ssa-416652)

CVE-2025-6167 | themanojdesai python-a2a up to 0.5.5 api.py create_workflow path traversal (Issue 40)