PT-2026-39708 · Unknown · Automagik-Genie

Spdc-Elm · Published 2026-05-11 · Updated 2026-05-11 · CVE-2026-30635

CVSS v3.1

8.1 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

automagik-genie version 2.5.27

Description

Command injection allows attackers to execute arbitrary commands through the 'view task' (also known as 'view') within the readTranscriptFromCommit() function located in 'dist/mcp/server.js'. This occurs when a user reads from an external FORGE BASE URL.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-30635
GHSA-64VR-4GR2-M642

Affected Products

Automagik-Genie