CNNVD-202601-1814 Information

CNNVD ID

CNNVD-202601-1814

CVE-2026-22785

  • CNNVD Published: 2026-01-12

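Description (translated from Chinese)

Orval is an API development tool open-sourced by Orval. Versions of orval before 7.18.0 contain a command injection vulnerability. It stems from the MCP server generation logic failing to properly validate or escape the summary field of the OpenAPI specification, which may lead to arbitrary code injection.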

Description (English)

Orval is an open-source interface development tool from Orval. Versions of orval before 7.18.0 have a command injection vulnerability, which stems from the fact that the MCP server generation logic does not properly validate or escape the summary field of the OpenAPI specification, which may result in arbitrary code injection.

Hazard Level

Low

Vulnerability Type

Command injection

Affected Vendor

Orval

Published

2026-01-12

Last Modified

2026-02-24

References

  • https://github.com/orval-labs/orval/commit/80b5fe73b94f120a3a5561952d6d4b0f8d7e928d
  • https://github.com/orval-labs/orval/security/advisories/GHSA-mwr6-3gp8-9jmj

Patch

https://github.com/orval-labs/orval/releases
