CNNVD-202601-2729 Information
CNNVD ID
CNNVD-202601-2729
Related CVE
- CNNVD Published: 2026-01-16
Description (Chinese)
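Dive is an open-source MCP host desktop application from OpenAgentPlatform. Versions of Dive before 0.13.0 contain a code injection vulnerability. It arises because a specially crafted deep link can install an attacker-controlled MCP server configuration without sufficient user confirmation, which may lead to arbitrary local command execution on the victim's machine.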
Description (English)
Dive is an open-source MCP host desktop application from OpenAgentPlatform. Dive versions prior to 0.13.0 have a code injection vulnerability, which stems from the fact that a specially crafted deep link can install an attacker-controlled MCP server configuration without adequate user confirmation, which may lead to the execution of arbitrary local commands on the victim's machine.
Hazard Level
Low
Vulnerability Type
Code injection
Affected Vendor
OpenAgentPlatform
Published
2026-01-16
Last Modified
2026-02-24
References
https://github.com/OpenAgentPlatform/Dive/commit/a5162ac9eff366d8ea1215b8a47139a81a55a779
https://github.com/OpenAgentPlatform/Dive/security/advisories/GHSA-pjj5-f3wm-f9m8
https://access.redhat.com/security/cve/cve-2026-23523
Patch
https://github.com/wagoodman/dive