CNNVD-202601-1202 Information

CNNVD ID

CNNVD-202601-1202

CVE-2025-61489

  • CNNVD Published: 2026-01-07

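Description (Chinese, translated)

mcp-shell is a context protocol server from the individual developer Marquitos. mcp-shell version 0.3.1 contains a security vulnerability caused by command injection in the shell_exec function, which may lead to arbitrary command execution.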

Description (English)

mcp-shell is a context protocol server developed by Marquitos, an individual developer. Version 0.3.1 of mcp-shell has a security vulnerability that stems from a command injection in the shell_exec function, which may allow arbitrary commands to be executed.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2026-01-07

Last Modified

2026-02-24

References

  • https://github.com/sonirico/mcp-shell
  • https://github.com/sonirico/mcp-shell/issues/4
  • https://access.redhat.com/security/cve/cve-2025-61489

Patch

https://github.com/sonirico/mcp-shell/releases
