CNNVD-202601-4200 Information
Jan 23, 2026
cve
CNNVD ID
CNNVD-202601-4200
Related CVE
- CNNVD Published: 2026-01-23
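Description (Chinese, translated)
Framelink Figma MCP Server is an MCP server by the individual developer Graham Lipsman. Framelink Figma MCP Server contains an operating system command injection vulnerability. The vulnerability stems from the fetchWithRetry method's lack of validation of user-supplied strings, which may lead to command injection and remote code execution.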
Description (English)
Framelink Figma MCP Server is an MCP server developed by the individual developer Graham Lipsman. It contains an operating system command injection vulnerability: the fetchWithRetry method does not validate user-supplied strings, which may lead to command injection and remote code execution.
Hazard Level
Low
Vulnerability Type
Operating system command injection
Affected Vendor
Individual developer
Published
2026-01-23
Last Modified
2026-02-24
References
https://github.com/GLips/Figma-Context-MCP/security/advisories/GHSA-gxw4-4fc5-9gr5
https://www.zerodayinitiative.com/advisories/ZDI-25-1197/
Patch
https://github.com/GLips/Figma-Context-MCP/releases