CVE-2026-3959

Name of the Vulnerable Software and Affected Versions 0xKoda WireMCP versions up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e

Description A flaw exists in 0xKoda WireMCP that allows for operating system command injection. The issue resides in the server.tool function within the index.js file of the Tshark CLI Command Handler component. Manipulation of this function can lead to the execution of arbitrary commands on the system. The attack requires local access. The exploit for this issue has been publicly released. The product employs a rolling release system, meaning version information for affected or updated releases is not publicly available. The project maintainers were notified of the issue but have not yet responded.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.