CNNVD-202511-491 Information

CNNVD ID

CNNVD-202511-491

CVE-2025-12489

  • CNNVD Published: 2025-11-06

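Description (translated from Chinese)

Evernote MCP Server is a Model Context Protocol server by the individual developer brentmid. Evernote MCP Server contains an operating system command injection vulnerability, which stems from the openBrowser function not correctly validating a user-supplied string and may lead to privilege escalation and arbitrary code execution.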

Description (English)

Evernote MCP Server is a Model Context Protocol (MCP) server maintained by the individual developer brentmid. It is affected by an operating system command injection vulnerability: the openBrowser function fails to properly validate a user-supplied string, which may allow privilege escalation and execution of arbitrary code.

Hazard Level

Medium

Vulnerability Type

Operating system command injection

Affected Vendor

Individual developer

Published

2025-11-06

Last Modified

2026-02-24

References

  • https://github.com/brentmid/evernote-mcp-server/commit/1e66c78c4ce6ea294ac6b0eb289a9eae9c5e9579
  • https://www.zerodayinitiative.com/advisories/ZDI-25-983/
