CNNVD-202602-1188 Information

CNNVD ID

CNNVD-202602-1188

Related CVE

CVE-2026-2178

• CNNVD Published: 2026-02-08

Description (Chinese)

Xcode MCP Server是R.Huijts个人开发者的一个Xcode集成的上下文协议服务器。 Xcode MCP Server存在命令注入漏洞，该漏洞源于对文件src/tools/xcode/index.ts中参数args的错误操作，可能导致命令注入。

Description (English)

Xcode MCP Server is an Xcode integrated context protocol server for R. Huijts personal developers. Xcode MCP Server has a command-injecting loophole, which results from an error in the use of Args, the parameter in the document src/tools/xcode/index.ts, which may lead to the command-injection.

Hazard Level

High

Vulnerability Type

命令注入

Affected Vendor

个人开发者

Published

2026-02-08

Last Modified

2026-02-24

References

https://github.com/r-huijts/xcode-mcp-server/commit/11f8d6bacadd153beee649f92a78a9dad761f56f https://vuldb.com/?ctiid.344881 https://github.com/r-huijts/xcode-mcp-server/issues/13 https://vuldb.com/?id.344881 https://github.com/r-huijts/xcode-mcp-server/issues/13#issue-3878065790 https://vuldb.com/?submit.749569 https://access.redhat.com/security/cve/cve-2026-2178