PT-2026-26662 · Sigmade · Git-Mcp-Server
Vuldb
+1
·
Published
2026-03-20
·
Updated
2026-03-22
·
CVE-2026-4496
CVSS v3.1
5.3
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
sigmade Git-MCP-Server versions prior to 785aa159f262a02d5791a5d8a8e13c507ac42880
Description
A flaw exists in sigmade Git-MCP-Server due to an os command injection within the
child process.exec function located in the src/gitUtils.ts file, specifically within the show file diff component. The issue is triggered through local exploitation. The exploit has been publicly disclosed.Recommendations
Apply a patch to correct this issue.
Exploit
Fix
OS Command Injection
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Git-Mcp-Server