PT-2026-44846 · Marcelroozekrans · Roslyn-Codelens-Mcp

Published 2026-05-29 · Updated 2026-06-09 · CVE-2026-45555

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Roslyn CodeLens MCP Server versions 0.0.9 through 1.16.0

Description: The get diagnostics MCP tool loads and executes every DiagnosticAnalyzer assembly referenced by the target solution, with no allowlist, signature check, or user confirmation. Because the includeAnalyzers variable defaults to true, analyzer loading happens without any explicit opt-in. An attacker who can place a malicious .csproj file, referencing an attacker-controlled DLL, in a location the victim opens with the MCP server obtains arbitrary code execution in the server process with the server's OS privileges.

Recommendations: Update to version 1.17.0.
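The two controls the description says are missing (an allowlist and an explicit opt-in) can be checked from the project file before any assembly is loaded. The following Python script is an added example written for this advisory, not code from Roslyn CodeLens MCP Server or its fix; it assumes a constructed .csproj with `<Analyzer Include="...">` items, a constructed project directory `C:\src\app`, and a constructed allowlist that trusts only the local NuGet package cache. It resolves each referenced analyzer path, reports which ones fall outside the trusted roots (including paths that climb out of the repository and UNC shares), and models a loader policy in which analyzers are off by default and filtered by the allowlist when enabled.

```python
"""Audit the analyzer assemblies an MSBuild project would pull in, and gate loading
behind an allowlist and an explicit opt-in.

Constructed example, not code from Roslyn CodeLens MCP Server.
"""
import ntpath
import xml.etree.ElementTree as ET

# Constructed sample project: one analyzer from the NuGet package cache, one
# reached by climbing out of the repository, one on a remote share.
SAMPLE_CSPROJ = r"""<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <Analyzer Include="C:\Users\dev\.nuget\packages\stylecop.analyzers\1.2.0\analyzers\dotnet\cs\StyleCop.Analyzers.dll" />
    <Analyzer Include="..\..\tools\Helper.Analyzer.dll" />
    <Analyzer Include="\\fileshare\drop\Telemetry.Analyzers.dll" />
  </ItemGroup>
</Project>"""

# Constructed allowlist: only assemblies inside the local NuGet cache may be loaded.
TRUSTED_ROOTS = [r"C:\Users\dev\.nuget\packages"]
PROJECT_DIR = r"C:\src\app"  # constructed location of the opened project


def _local_name(tag: str) -> str:
    """Strip an XML namespace ({uri}Analyzer -> Analyzer) so old-style csproj files match too."""
    return tag.rsplit("}", 1)[-1]


def analyzer_references(csproj_xml: str, project_dir: str) -> list[str]:
    """Resolve every <Analyzer Include="..."> item to an absolute, normalised Windows path."""
    refs = []
    for elem in ET.fromstring(csproj_xml).iter():
        if _local_name(elem.tag) != "Analyzer":
            continue
        # MSBuild allows several items in one Include, separated by ';'.
        for include in (elem.get("Include") or "").split(";"):
            include = include.strip()
            if include:
                # ntpath is used on purpose so the check behaves the same on any host OS.
                refs.append(ntpath.normpath(ntpath.join(project_dir, include)))
    return refs


def _under_root(path: str, root: str) -> bool:
    """True if path lies inside root; normcase makes the comparison case-insensitive
    and the appended separator stops 'packages2' from matching a root named 'packages'."""
    p = ntpath.normcase(ntpath.normpath(path))
    r = ntpath.normcase(ntpath.normpath(root))
    return p == r or p.startswith(r + "\\")


def audit_analyzers(csproj_xml: str, project_dir: str, trusted_roots: list[str]):
    """Split the project's analyzer references into (allowed, blocked) by allowlist."""
    allowed, blocked = [], []
    for path in analyzer_references(csproj_xml, project_dir):
        target = allowed if any(_under_root(path, r) for r in trusted_roots) else blocked
        target.append(path)
    return allowed, blocked


def select_analyzers_to_load(csproj_xml, project_dir, trusted_roots, include_analyzers=False):
    """Hardened policy: analyzers are opt-in (default off) and filtered by the allowlist."""
    if not include_analyzers:
        return []
    allowed, _blocked = audit_analyzers(csproj_xml, project_dir, trusted_roots)
    return allowed


if __name__ == "__main__":
    ok, bad = audit_analyzers(SAMPLE_CSPROJ, PROJECT_DIR, TRUSTED_ROOTS)
    for p in ok:
        print("allow", p)
    for p in bad:
        print("BLOCK", p)
```

Running the script prints one `allow` line for the StyleCop assembly and two `BLOCK` lines for the DLLs outside the NuGet cache. A real loader would additionally verify the assembly's strong-name or Authenticode signature before loading anything from an allowed root; the allowlist only restricts where code may come from, not who built it.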

Tags: Exploit, Fix, RCE, Code Injection


Weakness Enumeration

Related Identifiers: CVE-2026-45555

Affected Products: Roslyn-Codelens-Mcp