CVE-2026-7600 | ArtMin96 yii2-mcp-server 1.0.2 MCP Interface src/index.ts yii_command_help/yii_execute_command os command injection

Inserito da Angelo Barbosa | Mag 1, 2026 | CVE

A vulnerability classified as critical was found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yii_command_help/yii_execute_command of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection.

This vulnerability is handled as CVE-2026-7600. The attack can be executed remotely. Additionally, an exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7600 | ArtMin96 yii2-mcp-server 1.0.2 MCP Interface src/index.ts yii_command_help/yii_execute_command os command injection

Post correlati

CVE-2025-9901 | libsoup HTTP Header Vary

CVE-2024-27895 | Huawei HarmonyOS Window Module permission

CVE-2024-4918 | Campcodes Online Examination System 1.0 updateQuestion.php id sql injection

CVE-2025-8199 | MarqueeAddons Plugin up to 2.4.3 on WordPress Testimonial Marquee Widget cross site scripting