CVE-2026-2130
MEDIUM EPSS 72.5%
Published Feb 8, 20264mo ago · Modified Jun 17, 20261w ago
5.3 CVSS 4.0
Published Feb 8, 2026 4mo ago
Last Modified Jun 17, 2026 1w ago
Description
A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.12. This affects an unknown part of the file src/index.ts of the component search_username. Executing a manipulation of the argument Username can lead to command injection. The attack may be launched remotely. Upgrading to version 1.0.13 is able to mitigate this issue. This patch is called b1ae073c4b3e789ab8de36dc6ca8111ae9399e7a. Upgrading the affected component is advised.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X
Threat Intelligence
EPSS Exploit Probability
72.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 2
CWE-74
CWE-77 Command Injection Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| burtthecoder | maigret_mcp_server | * | ≤1.0.12 |
References 8
- github.com https://github.com/BurtTheCoder/mcp-maigret/
- github.com https://github.com/BurtTheCoder/mcp-maigret/commit/b1ae073c4b3e789ab8de36dc6ca8111ae9399e7a
- github.com https://github.com/BurtTheCoder/mcp-maigret/issues/9
- github.com https://github.com/BurtTheCoder/mcp-maigret/pull/10
- github.com https://github.com/BurtTheCoder/mcp-maigret/releases/tag/v1.0.13
- vuldb.com https://vuldb.com/?ctiid.344765
- vuldb.com https://vuldb.com/?id.344765
- vuldb.com https://vuldb.com/?submit.747171
Remediation
- github.com https://github.com/BurtTheCoder/mcp-maigret/commit/b1ae073c4b3e789ab8de36dc6ca8111ae9399e7a
- github.com https://github.com/BurtTheCoder/mcp-maigret/pull/10