CVE-2026-5833 | awwaiid mcp-server-taskwarrior up to 1.0.1 index.ts server.setRequestHandler Identifier command injection

A vulnerability, which was classified as critical, was found in awwaiid mcp-server-taskwarrior up to 1.0.1. This impacts the function server.setRequestHandler of the file index.ts. Such manipulation of the argument Identifier leads to command injection.

This vulnerability is listed as CVE-2026-5833. The attack must be carried out locally. In addition, an exploit is available.

Applying a patch is advised to resolve this issue.

The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

CVE-2026-5833 | awwaiid mcp-server-taskwarrior up to 1.0.1 index.ts server.setRequestHandler Identifier command injection

Post correlati

CVE-2024-4813 | Ruijie RG-UAC up to 20240506 interface_commit.php name os command injection

CVE-2024-56413 | Acronis Cyber Protect 16 up to 39168 on Windows session expiration

CVE-2024-44293 | Apple macOS up to 15.0 log file

CVE-2024-31265 | SumoMe Sumo Plugin up to 1.34 on WordPress cross-site request forgery