CVE-2026-7416 | PolarVista xcode-mcp-server 1.0.0 MCP Interface src/index.ts build_project/run_tests Request os command injection

A vulnerability categorized as critical has been discovered in PolarVista xcode-mcp-server 1.0.0. This issue affects the function build_project/run_tests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection.

This vulnerability is cataloged as CVE-2026-7416. The attack may be launched remotely. Furthermore, there is an exploit available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7416 | PolarVista xcode-mcp-server 1.0.0 MCP Interface src/index.ts build_project/run_tests Request os command injection

Post correlati

CVE-2024-6946 | Flute CMS 0.2.2.4-alpha /admin/pages/list blocks code injection

CVE-2024-58100 | Linux Kernel up to 6.12.24 bpf check_cfg changes_pkt_data state issue

CVE-2023-41542 | jeecg-boot 3.5.3 jmreport/qurestSql sql injection

CVE-2025-1052 | Mintty 3.4.5/3.4.7/3.6.3 Sixel Image Parser heap-based overflow