CVE-2026-4198 | hypermodel-labs mcp-server-auto-commit 1.0.0 index.ts getGitChanges command injection

A vulnerability has been found in hypermodel-labs mcp-server-auto-commit 1.0.0 and classified as critical. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection.

The identification of this vulnerability is CVE-2026-4198. The attack can only be executed locally. Furthermore, there is an exploit available.

Applying a patch is the recommended action to fix this issue.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-4198 | hypermodel-labs mcp-server-auto-commit 1.0.0 index.ts getGitChanges command injection

Post correlati

CVE-2024-37779 | WoodWing Elvis DAM 6.98.1 Apache Ant Script Remote Code Execution

CVE-2024-10921 | MongoDB Server up to 5.0.29/6.0.18/7.0.14/8.0.3 BSON Requests null byte or nul character

CVE-2023-50700 | Deepin dde-file-manager up to 6.0.54 D-Bus Method permission (Bug 10007)

CVE-2024-1932 | freescout-helpdesk freescout unrestricted upload