PT-2025-29513 · Unknown · Github-Kanban-Mcp-Server
Lirantal
Published: 2025-07-14 · Updated: 2025-07-17
CVE-2025-53818
CVSS v4.0: 9.3 (Critical)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions:
GitHub Kanban MCP Server versions 0.3.0 through 0.4.0
Description:
GitHub Kanban MCP Server is a Model Context Protocol (MCP) server for managing GitHub issues as a Kanban board and for streamlining LLM task management. Its add comment tool builds a GitHub CLI (gh) command line as a string and runs it with the Node.js exec function. exec hands that string to a shell, so any shell metacharacters in the untrusted tool input (the comment text the MCP client supplies, which an LLM or whoever steers its prompt can control) are interpreted as additional commands rather than passed to gh as data. The result is OS command injection with the privileges of the MCP server process, and the CVSS vector reflects that: network-reachable, no privileges or user interaction required, full impact on confidentiality, integrity and availability.
Recommendations:
GitHub Kanban MCP Server versions 0.3.0 and 0.4.0: at the time of writing there is no information about a newer version that contains a fix for this vulnerability. Until one is available, do not expose the server to untrusted clients or untrusted issue content; the underlying fix is to stop composing shell command strings and invoke gh with an argument array (child_process.execFile or spawn, no shell), validating the issue identifier before use.
Exploit: OS Command Injection
Weakness Enumeration: OS Command Injection (CWE-78)
Affected Products: Github-Kanban-Mcp-Server