CVE-2026-5833

CVSS v3.1

5.3

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions awwaiid mcp-server-taskwarrior versions up to 1.0.1

Description A security issue exists in awwaiid mcp-server-taskwarrior up to version 1.0.1. The server.setRequestHandler function within the index.ts file is susceptible to command injection through manipulation of the Identifier argument. This requires local access to execute the attack. The patch identified as 1ee3d282debfa0a99afeb41d22c4b2fd5a3148f2 addresses this issue.

Recommendations Apply the patch 1ee3d282debfa0a99afeb41d22c4b2fd5a3148f2 to resolve this vulnerability.

Exploit

Fix

Special Elements Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-77

Related Identifiers

CVE-2026-5833

GHSA-95HG-3C55-XF9X

Affected Products

Awwaiid Mcp-Server-Taskwarrior

CVE-2026-5833

Weakness Enumeration

Related Identifiers

Affected Products

References · 14