CVE-2026-2131

Medium CVSS: 5.3

A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the argument text leads to os command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

Vendor

Xixianliang

Product

Harmonyos Mcp Server

CWE

CWE-77

Yayın Tarihi

2026-02-08 03:15:49

Güncelleme

2026-03-05 20:12:07

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-77 Harmonyos Mcp Server MEDIUM Xixianliang 2026

Referanslar

https://github.com/scanleale/MCP_sec/blob/main/HarmonyOS-mcp-server%20RCE%20vulnerability.md https://vuldb.com/?ctiid.344766 https://vuldb.com/?id.344766 https://vuldb.com/?submit.747209