Key Information

CVE: CVE-2026-2008
Vulnerability Type: Code Injection
Affected Component: tool in
Vendor Repository: https://github.com/abhiphile/fermat-mcp
CWE: CWE-78 OS Command Injection
Date: 2026-01-16

Summary

The tool in is vulnerable to code injection due to the use of the function for calculation. Even though the second parameter of limits its scope, users can still bypass it and execute arbitrary code.

Details

The parameter of uses for calculations. The function can be exploited to execute arbitrary code if the input is not properly sanitized.

Proof of Concept (POC)

The following code can be used to exploit the vulnerability:

Impact

The impact of this vulnerability varies based on the deployment model of the MCP service: