CNNVD-202510-1125 Information
CNNVD ID
CNNVD-202510-1125
Related CVE
- CNNVD Published: 2025-10-08
Description (Chinese)
Desktop Commander MCP是Eduard Ruzga个人开发者的一个MCP服务器。 Desktop Commander MCP 0.2.13及之前版本存在操作系统命令注入漏洞,该漏洞源于对文件src/command-manager.ts中函数CommandManager的操作不当,可能导致os命令注入攻击。
Description (English)
Desktop Commander MCP is an MCP server for Eduardo Ruzga’s personal developer. There is a gap in operating system command 0.2.13 and earlier versions of Desktop Commander MCP, which arises from the improper operation of the ComandManager function in document src/command-manager.ts, which may result in an Os order being injected into the attack.
Hazard Level
High
Vulnerability Type
操作系统命令注入
Affected Vendor
个人开发者
Published
2025-10-08
Last Modified
2026-02-24
References
https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/217 https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/217#issue-3343853704 https://vuldb.com/?ctiid.327610 https://vuldb.com/?id.327610 https://vuldb.com/?submit.668006
Patch
https://github.com/wonderwhy-er/DesktopCommanderMCP/releases
Share on: