CNNVD-202512-004 Information

CNNVD ID

CNNVD-202512-004

CVE-2025-66401

  • CNNVD Published: 2025-12-01

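Description (translated from Chinese)

MCP Watch is a comprehensive security scanner for Model Context Protocol servers, developed by individual developer Kapil Duraphe. MCP Watch 0.1.2 and earlier versions contain an operating system command injection vulnerability. The vulnerability stems from command injection and may lead to arbitrary command execution.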

Description (English)

MCP Watch is a comprehensive security scanner for Model Context Protocol servers, developed by individual developer Kapil Duraphe. MCP Watch 0.1.2 and earlier versions contain an operating system command injection vulnerability, which stems from command injection and could lead to arbitrary command execution.

Hazard Level

Low

Vulnerability Type

Operating system command injection

Affected Vendor

Individual developer

Published

2025-12-01

Last Modified

2026-02-24

References

  • https://github.com/kapilduraphe/mcp-watch/security/advisories/GHSA-27m7-ffhq-jqrm
  • https://github.com/kapilduraphe/mcp-watch/commit/e7da78c5b4b960f8b66c254059ad9ebc544a91a6
  • https://access.redhat.com/security/cve/cve-2025-66401
