Marcelroozekrans · Roslyn-Codelens-Mcp · CVE-2026-45555
**Name of the Vulnerable Software and Affected Versions**
Roslyn CodeLens MCP Server versions 0.0.9 through 1.16.0
**Description**
The `get diagnostics` MCP tool loads and executes every DiagnosticAnalyzer assembly referenced by the target solution, with no allowlist, signature check, or user confirmation. Because the `includeAnalyzers` variable defaults to true, the victim never has to opt in. An attacker who places a malicious `.csproj` file referencing an attacker-controlled DLL in a solution that the victim opens with the MCP server can therefore execute arbitrary code in the server process with the server's OS privileges.
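The following C# sketch is an added example, not code from the Roslyn CodeLens MCP project and not the fix shipped in 1.17.0 (this advisory does not describe that fix). It shows the shape of mitigation the description implies: analyzers are off unless the caller opts in, and each analyzer reference is checked against a directory allowlist and an optional SHA-256 allowlist before the assembly is loaded. It assumes the Roslyn workspace APIs (`Microsoft.CodeAnalysis`, `Microsoft.CodeAnalysis.Diagnostics`) on .NET 7 or later; the names `AnalyzerPolicy` and `SafeDiagnosticsRunner` are hypothetical.

```csharp
// Added example (not the project's code): gate analyzer loading behind an
// explicit opt-in, a directory allowlist and a SHA-256 allowlist, all checked
// BEFORE any analyzer assembly is loaded. AnalyzerPolicy and
// SafeDiagnosticsRunner are hypothetical names.
using System;
using System.Collections.Immutable;
using System.IO;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.Diagnostics;

public sealed class AnalyzerPolicy
{
    // Analyzers are never loaded unless the caller asks for them (the
    // opposite of an includeAnalyzers=true default).
    public bool IncludeAnalyzers { get; init; } = false;

    // Directories from which analyzer assemblies may be loaded, e.g. the NuGet
    // package cache or the SDK directory. A DLL sitting inside the opened
    // solution, on a network share, etc. is refused.
    public ImmutableArray<string> AllowedRoots { get; init; } = ImmutableArray<string>.Empty;

    // Optional: uppercase hex SHA-256 of assembly files that have been reviewed.
    // When non-empty, a path under an allowed root is still refused if its
    // hash is unknown. Build this set with StringComparer.OrdinalIgnoreCase.
    public ImmutableHashSet<string> AllowedSha256 { get; init; } = ImmutableHashSet<string>.Empty;
}

public static class SafeDiagnosticsRunner
{
    public static async Task<ImmutableArray<Diagnostic>> GetDiagnosticsAsync(
        Project project, AnalyzerPolicy policy, Action<string> log)
    {
        var compilation = await project.GetCompilationAsync()
            ?? throw new InvalidOperationException("project produced no compilation");

        // Compiler diagnostics only; nothing from the solution gets loaded.
        if (!policy.IncludeAnalyzers)
            return compilation.GetDiagnostics();

        var analyzers = ImmutableArray.CreateBuilder<DiagnosticAnalyzer>();
        foreach (var reference in project.AnalyzerReferences)
        {
            // Decide on path and file hash before calling GetAnalyzers():
            // that call is what loads the assembly into the server process.
            if (!IsAllowed(reference.FullPath, policy, out var reason))
            {
                log($"skipping analyzer {reference.FullPath ?? reference.Display}: {reason}");
                continue;
            }
            analyzers.AddRange(reference.GetAnalyzers(project.Language));
        }

        if (analyzers.Count == 0)
            return compilation.GetDiagnostics();

        var withAnalyzers = compilation.WithAnalyzers(analyzers.ToImmutable());
        return await withAnalyzers.GetAllDiagnosticsAsync();
    }

    // Returns true only if the file exists, lies under one of the allowed roots
    // and (when a hash allowlist is configured) has a known SHA-256.
    public static bool IsAllowed(string? path, AnalyzerPolicy policy, out string reason)
    {
        if (string.IsNullOrEmpty(path) || !File.Exists(path))
        {
            reason = "reference has no file path on disk";
            return false;
        }

        var full = Path.GetFullPath(path);
        var underRoot = false;
        foreach (var root in policy.AllowedRoots)
        {
            // Normalise to an absolute path with a trailing separator so that
            // "/opt/analyzers-evil" does not match the root "/opt/analyzers".
            var r = Path.GetFullPath(root).TrimEnd(Path.DirectorySeparatorChar)
                    + Path.DirectorySeparatorChar;
            if (full.StartsWith(r, PathComparison()))
            {
                underRoot = true;
                break;
            }
        }
        if (!underRoot)
        {
            reason = "outside allowed analyzer roots";
            return false;
        }

        if (!policy.AllowedSha256.IsEmpty)
        {
            using var stream = File.OpenRead(full);
            var hash = Convert.ToHexString(SHA256.HashData(stream));
            if (!policy.AllowedSha256.Contains(hash))
            {
                reason = $"sha256 {hash} is not on the allowlist";
                return false;
            }
        }

        reason = "allowed";
        return true;
    }

    private static StringComparison PathComparison() =>
        OperatingSystem.IsWindows() ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal;
}
```

The important detail is where the check sits: `AnalyzerReference.GetAnalyzers` is the call that loads the assembly, so any path or hash decision made after it is too late. A hash allowlist is used here rather than an Authenticode check because signature verification APIs differ across platforms; either way, the skipped-reference log line is what a defender would alert on when an opened solution references an analyzer from an unexpected location.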
**Recommendations**
Update to version 1.17.0.