A vulnerability was found in chatboxai chatbox up to 1.20.0. It has been declared as critical. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management System. Manipulating the argument args/env can lead to OS command injection.
This vulnerability is tracked as CVE-2026-6130. The attack can be launched remotely. Moreover, an exploit is present.
The project was informed of the problem early through an issue report but has not responded yet.
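
One way to vet the command, args and env of a stdio MCP server entry before it is handed to a process-spawning transport. This is an added example, not chatbox's code or its fix; the interface, function name, allowlist and deny-lists are constructed assumptions.

```typescript
// Added example with hypothetical names; not taken from the chatbox code base.
interface StdioServerConfig {
  command: string;
  args: string[];
  env: { [key: string]: string };
}

// Constructed policy (assumption): launchers are matched by bare name, so PATH is denied too.
const ALLOWED_COMMANDS = ["node", "npx", "uvx", "python3"];
const EVAL_FLAGS = ["-e", "--eval", "-p", "--print", "-c", "--call", "-r", "--require", "--import"];
const DANGEROUS_ENV = /^(LD_PRELOAD|LD_AUDIT|LD_LIBRARY_PATH|DYLD_.+|NODE_OPTIONS|PYTHONSTARTUP|PYTHONPATH|BASH_ENV|ENV|PATH)$/i;
const SHELL_META = /[;&|`$<>()\r\n\0]/;

// Returns one message per policy violation; an empty array means the entry may be spawned
// (with an argv array and no shell, so args are never re-parsed as a command line).
function validateStdioServerConfig(cfg: StdioServerConfig): string[] {
  const problems: string[] = [];
  if (ALLOWED_COMMANDS.indexOf(cfg.command) === -1) {
    problems.push("command not on allowlist: " + JSON.stringify(cfg.command));
  }
  for (const arg of cfg.args) {
    const flag = arg.split("=")[0]; // treat --eval=... like --eval
    if (EVAL_FLAGS.indexOf(flag) !== -1) {
      problems.push("arg makes the launcher evaluate or preload code: " + JSON.stringify(arg));
    } else if (SHELL_META.test(arg)) {
      problems.push("arg contains shell metacharacters: " + JSON.stringify(arg));
    }
  }
  for (const name of Object.keys(cfg.env)) {
    if (DANGEROUS_ENV.test(name)) {
      problems.push("env var changes what the child loads or runs: " + name);
    } else if (SHELL_META.test(cfg.env[name])) {
      problems.push("env value contains shell metacharacters: " + name);
    }
  }
  return problems;
}

// Constructed sample entries.
const BENIGN: StdioServerConfig = {
  command: "npx", args: ["-y", "example-mcp-server", "/home/user/docs"],
  env: { API_TOKEN: "constructed-token" },
};
const SUSPICIOUS: StdioServerConfig = {
  command: "node", args: ["--require", "./hook.js", "server.js"],
  env: { NODE_OPTIONS: "--inspect" },
};
console.log(validateStdioServerConfig(BENIGN), validateStdioServerConfig(SUSPICIOUS));
```

The metacharacter checks are deliberately conservative and will reject some legitimate values; they matter most on platforms where the launcher can only be started through a shell.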