CNNVD-202601-4189 Information

CNNVD ID

CNNVD-202601-4189

Related CVE

CVE-2026-0758

• CNNVD Published: 2026-01-23

Description (Chinese)

Siri Shortcuts MCP Server是David个人开发者的一个链接语音助手和大模型上下文协议服务器的工具。 Siri Shortcuts MCP Server存在操作系统命令注入漏洞，该漏洞源于对shortcutName参数缺乏验证，可能导致权限提升和执行任意代码。

Description (English)

Siri Shortcuts MCP Server is a link voice assistant to David’s personal developer and a large model context protocol server. Siri Shortcuts MCP Server has an operational system command leak, which results from a lack of validation of the shortcutName parameter, which may lead to the upgrade of permissions and the enforcement of any code.

Hazard Level

Medium

Vulnerability Type

操作系统命令注入

Affected Vendor

个人开发者

Published

2026-01-23

Last Modified

2026-02-24

References

https://www.zerodayinitiative.com/advisories/ZDI-26-024/