CVE-2026-5603 | elgentos magento2-dev-mcp up to 1.0.2 src/index.ts executeMagerun2Command os command injection

Inserito da Angelo Barbosa | Apr 5, 2026 | CVE

A vulnerability was found in elgentos magento2-dev-mcp up to 1.0.2 and classified as critical. The affected element is the function executeMagerun2Command of the file src/index.ts. Such manipulation leads to os command injection.

This vulnerability is traded as CVE-2026-5603. An attack has to be approached locally. Furthermore, there is an exploit available.

A patch should be applied to remediate this issue.

CVE-2026-5603 | elgentos magento2-dev-mcp up to 1.0.2 src/index.ts executeMagerun2Command os command injection

Post correlati

CVE-2024-27791 | Apple macOS App memory corruption

CVE-2025-14153 | Page Expire Popup Redirection Plugin up to 1.0 on WordPress Shortcode Attribute ID sql injection

CVE-2023-51695 | WPEverest Everest Forms Plugin up to 2.0.4.1 on WordPress cross site scripting

CVE-2024-10936 | String Locator Plugin up to 2.6.6 on WordPress code injection