PT-2026-6397 · npm · @coding-solo/godot-mcp

Published

2026-02-04

·

Updated

2026-02-04

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact

A command injection vulnerability in godot-mcp allows arbitrary command execution on the host running the MCP server. The executeOperation function interpolated user-controlled input (e.g., projectPath) into a command string and passed it to exec(), which runs the string through a shell. An attacker who can influence the projectPath argument of a tool call can therefore inject shell metacharacters such as $(command) or &calc and execute arbitrary commands with the privileges of the MCP server process.
This affects every tool that accepts projectPath, including create scene, add node, load sprite, and others.

Patches

Fixed in version 0.1.1 by switching from exec() to execFile(), which receives the executable and its arguments as an array and does not invoke a shell, so shell metacharacters in projectPath are no longer interpreted. Note that execFile() removes shell interpretation only: the value still reaches the Godot binary as an argument, so callers should still validate and resolve projectPath before use.

Workarounds

None. Users should upgrade immediately.

Resources

Fix

Weakness Enumeration

OS Command Injection (CWE-78)

Related Identifiers

GHSA-8JX2-RHFH-Q928

Affected Products

@coding-solo/godot-mcp