CNNVD-202602-1807 Information

CNNVD ID

CNNVD-202602-1807

Related CVE

CVE-2026-26029

• CNNVD Published: 2026-02-11

Description (Chinese)

sf-mcp-server是Anton Kutishevsky个人开发者的一个上下文协议服务器。 sf-mcp-server存在操作系统命令注入漏洞，该漏洞源于使用child_process.exec处理用户输入时存在不安全操作，可能导致命令注入攻击。

Description (English)

sf-mcp-server is a context protocol server for Anton Kutishevsky personal developer. sf-mcp-server has an operational system command leak, which results from unsafe handling of user input using child process.exec, which may result in an order being injected into an attack.

Vulnerability Type

操作系统命令注入

Affected Vendor

个人开发者

Published

2026-02-11

Last Modified

2026-02-24

References

https://github.com/akutishevsky/sf-mcp-server/commit/99fba0171b8c22b5ee3c0405053ccfd2910a066d https://github.com/akutishevsky/sf-mcp-server/security/advisories/GHSA-h4w9-g9c5-vfwq

Patch

https://github.com/akutishevsky/sf-mcp-server