CNNVD-202509-2664 Information

CNNVD ID

CNNVD-202509-2664

CVE-2025-10619

  • CNNVD Published: 2025-09-17

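Description (translated from Chinese)

Sequa MCP is an entry point for the MCP protocol, open-sourced by sequa.ai. Sequa MCP 1.0.13 and earlier versions contain an operating system command injection vulnerability. It stems from a command injection flaw in the redirectToAuthorization function of the file src/helpers/node-oauth-client-provider.ts in the OAuth Server Discovery component, and may lead to remote command execution.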

Description (English)

Sequa MCP is an open-source entry point for the MCP protocol from sequa.ai. Sequa MCP 1.0.13 and earlier versions contain an operating system command injection vulnerability, which originates in the redirectToAuthorization function of src/helpers/node-oauth-client-provider.ts in the OAuth Server Discovery component and may result in remote command execution.

Hazard Level

High

Vulnerability Type

Operating system command injection

Affected Vendor

sequa.ai

Published

2025-09-17

Last Modified

2026-02-24

References

  • https://github.com/sequa-ai/sequa-mcp/commit/e569815854166db5f71c2e722408f8957fb9e804
  • https://lavender-bicycle-a5a.notion.site/Sequa-MCP-RCE-26853a41781f807da1c0cd158f9e3e1a?source=copy_link
  • https://vuldb.com/?ctiid.324646
  • https://vuldb.com/?id.324646
  • https://vuldb.com/?submit.650189
