CNNVD-202602-1233 Information

Feb 08, 2026 cve

CNNVD ID

CNNVD-202602-1233

CVE-2026-2130

CNNVD Published: 2026-02-08

Description (Chinese)

Maigret MCP Server是Burt个人开发者的一个用于情报分析的上下文协议服务器。 Maigret MCP Server 1.0.12及之前版本存在命令注入漏洞，该漏洞源于对组件search_username中文件src/index.ts的参数Username的错误操作，可能导致命令注入。

Description (English)

Magret MCP Server is a context protocol server for intelligence analysis by Burt’s personal developer. Magret MCP Server 1.0.12 and previous versions have a command-injecting loophole, which results from an error in the parameter Username for the document src/index.ts in component search username, which may lead to the command-injection.

Hazard Level

High

Vulnerability Type

命令注入

Affected Vendor

个人开发者

Published

2026-02-08

Last Modified

2026-02-24

References

https://github.com/BurtTheCoder/mcp-maigret/commit/b1ae073c4b3e789ab8de36dc6ca8111ae9399e7a https://vuldb.com/?ctiid.344765 https://github.com/BurtTheCoder/mcp-maigret/releases/tag/v1.0.13 https://github.com/BurtTheCoder/mcp-maigret/issues/9 https://vuldb.com/?submit.747171 https://github.com/BurtTheCoder/mcp-maigret/pull/10 https://vuldb.com/?id.344765 https://access.redhat.com/security/cve/cve-2026-2130

Share on: