CVE-2026-7812— 54yyyu code-mcp MCP Tool server.py git_operation command injection

CVSS 7.3 · High EPSS 1.31% · P80 Updated May 06, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-7812

AIGC Shenlong Model
NVD (National Vulnerability Database)

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

54yyyu code-mcp MCP Tool server.py git_operation command injection

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git_operation of the file src/code_mcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attack can be initiated remotely. The exploit has been made public and could be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

在命令中使用的特殊元素转义处理不恰当(命令注入)

Source: NVD (National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
54yyyu	code-mcp	4cfc4643541a110c906d93635b391bf7e357f4a8	-

II. Public POCs for CVE-2026-7812

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-7812

Please Login to view more intelligence information

Command Injection in git_operation · Issue #5 · 54yyyu/code-mcpexploitissue-tracking
GitHub - 54yyyu/code-mcp: Code-MCP: Connect Claude AI to your development environment through the Model Context Protocol (MCP), enabling terminal commands and file operations through the AI interface. · GitHubproduct
Just a moment...signaturepermissions-required
CVE-2026-7812 | 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8 MCP Tool src/code_mcp/server.py git_operation command injectionvdb-entrytechnical-description
Just a moment...third-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-7812

IV. Related Vulnerabilities

Same product: code-mcp

CVE-2026-7811
54yyyu code-mcp MCP File server.py is_safe_path path travers

Same vendor: 54yyyu

CVE-2026-7811
54yyyu code-mcp MCP File server.py is_safe_path path travers

Same weakness: CWE-77

V. Comments for CVE-2026-7812

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-7812— 54yyyu code-mcp MCP Tool server.py git_operation command injection

I. Basic Information for CVE-2026-7812

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-7812

III. Intelligence Information for CVE-2026-7812

IV. Related Vulnerabilities

V. Comments for CVE-2026-7812

Leave a comment