CNNVD-202509-405 Information

CNNVD ID

CNNVD-202509-405

Related CVE

CVE-2025-58176

• CNNVD Published: 2025-09-03

Description (Chinese)

Dive是OpenAgentPlatform开源的一个MCP主机桌面应用程序。 Dive 0.9.3及之前版本存在安全漏洞，该漏洞源于自定义URL处理不当，可能导致远程代码执行。

Description (English)

Dive is an MCP host desktop application from OpenAgentPlatform open source. There is a security loophole in Dive 0.9.3 and earlier versions, which stems from the inappropriate handling of custom URLs, which may lead to remote code implementation.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

OpenAgentPlatform

Published

2025-09-03

Last Modified

2026-02-24

References

https://github.com/OpenAgentPlatform/Dive/commit/acae6d40354d380f69f8241e9122a43ff64cff11 https://github.com/OpenAgentPlatform/Dive/security/advisories/GHSA-2r34-7pgx-vvrc

Patch

https://github.com/OpenAgentPlatform/Dive/releases