Count: 3
CVE-2025-53967
Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to properly sanitize user-supplied input, enabling the attacker to inject malicious commands that are executed with the privileges of the MCP process. Exploitation requires network access to the MCP interface.
GHSA-gxw4-4fc5-9gr5
figma-developer-mcp vulnerable to command injection in get_figma_data tool
BDU:2026-00243
Vulnerability in the Framelink Figma MCP Server associated with the use of an unprotected alternate channel, allowing an attacker to execute arbitrary commands
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2025-53967 Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input that is used by a fetchWithRetry curl command. The vulnerable endpoint fails to properly sanitize user-supplied input, enabling the attacker to inject malicious commands that are executed with the privileges of the MCP process. Exploitation requires network access to the MCP interface. | CVSS3: 8 | 0% Low | 4 months ago |
| GHSA-gxw4-4fc5-9gr5 figma-developer-mcp vulnerable to command injection in get_figma_data tool | CVSS3: 7.5 | 0% Low | 4 months ago |
| BDU:2026-00243 Vulnerability in the Framelink Figma MCP Server associated with the use of an unprotected alternate channel, allowing an attacker to execute arbitrary commands | CVSS3: 8 | 0% Low | 4 months ago |