PT-2026-23889 · Ryuzakishinji · Biome-Mcp-Server

Yinci Chen

Publicado

2026-03-07

Atualizado

2026-03-08

CVE-2026-3680

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions RyuzakiShinji biome-mcp-server versions up to 1.0.0

Description A security flaw exists in RyuzakiShinji biome-mcp-server up to version 1.0.0, related to an unknown functionality within the biome-mcp-server.ts file. A manipulation of this functionality can lead to command injection, and the attack can be initiated remotely. The exploit has been publicly released.

Recommendations Apply patch 335e1727147efeef011f1ff8b05dd751d8a660be.

Exploit

Correção

Command Injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77CWE-74

Identificadores relacionados

CVE-2026-3680

Produtos afetados

Biome-Mcp-Server

PT-2026-23889 · Ryuzakishinji · Biome-Mcp-Server

CVE-2026-3680

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11