CVE-2026-2130

Опубликовано: 08 фев. 2026

Источник: nvd

CVSS3: 6.3

CVSS3: 9.8

CVSS2: 6.5

EPSS Низкий

Описание

A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.12. This affects an unknown part of the file src/index.ts of the component search_username. Executing a manipulation of the argument Username can lead to command injection. The attack may be launched remotely. Upgrading to version 1.0.13 is able to mitigate this issue. This patch is called b1ae073c4b3e789ab8de36dc6ca8111ae9399e7a. Upgrading the affected component is advised.

Ссылки

https://github.com/BurtTheCoder/mcp-maigret/
Product
https://github.com/BurtTheCoder/mcp-maigret/commit/b1ae073c4b3e789ab8de36dc6ca8111ae9399e7a
Patch
https://github.com/BurtTheCoder/mcp-maigret/issues/9
Issue Tracking
https://github.com/BurtTheCoder/mcp-maigret/pull/10
Issue Tracking
Patch
https://github.com/BurtTheCoder/mcp-maigret/releases/tag/v1.0.13
Release Notes
https://vuldb.com/?ctiid.344765
Permissions Required
VDB Entry
https://vuldb.com/?id.344765
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.747171
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:burtthecoder:maigret_mcp_server:*:*:*:*:*:*:*:*

Версия до 1.0.12 (включая)

EPSS

Процентиль: 45%

0.00224

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

CWE-77

Связанные уязвимости

GHSA-2g7v-hghf-grg4

CVSS3: 6.3

github

2 месяца назад

mcp-maigret vulnerable to command injection

EPSS

Процентиль: 45%

0.00224

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-74

CWE-77