CVE-2025-54073

mcp-package-docs versions prior to 0.1.28 node-code-sandbox-mcp versions prior to 0.1.28 mcp-server-kubernetes versions prior to 0.1.28 git-mcp-server versions prior to 0.1.28

A command injection vulnerability exists in multiple MCP (Model Context Protocol) servers. The vulnerability is caused by the unsanitized use of input parameters within calls to child process.exec or child process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges, potentially bypassing sandboxing mechanisms in some cases. The servers construct and execute shell commands using unvalidated user input directly within command-line strings, introducing the possibility of shell metacharacter injection (|, >, &&, etc.). Exploitation can occur through direct command execution or indirect prompt injection via file content or log messages.

mcp-package-docs versions prior to 0.1.28: Upgrade to version 0.1.28 or later. node-code-sandbox-mcp versions prior to 0.1.28: Upgrade to version 0.1.28 or later. mcp-server-kubernetes versions prior to 0.1.28: Upgrade to version 0.1.28 or later. git-mcp-server versions prior to 0.1.28: Upgrade to version 0.1.28 or later.

To mitigate this vulnerability, avoid using child process.exec or child process.execSync with untrusted input. Instead, use a safer API such as child process.execFile, which allows you to pass arguments as a separate array, avoiding shell interpretation entirely.