CVE-2026-7628

Name of the Vulnerable Software and Affected Versions crazyrabbitLTC mcp-code-review-server versions prior to 0.1.1

Description A command injection flaw exists in the RepoMix Command Handler component within the executeRepomix() function of the src/repomix.ts file. This issue allows a remote attacker to perform manipulations that result in unauthorized command execution.

Recommendations As a temporary workaround, restrict the use of the executeRepomix() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.