Description
Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands (npm, npx) accept argument flags that enable execution of arbitrary OS commands. Maliciously crafted MCP tasks may lead to remote code execution with the privileges of the Upsonic process. In version 0.72.0 Upsonic added a warning about using Stdio servers being able to execute commands directly on the machine.
Published: 2026-04-15
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

Upsonic 0.71.6 allows users to create MCP tasks with arbitrary command and argument values. An allowlist exists for commands, yet certain permitted commands such as npm and npx interpret flag arguments that can be abused to execute arbitrary OS commands, bypassing the intended command restrictions. This flaw enables a malicious actor to run any command with the privileges of the Upsonic process, potentially compromising the host system fully.

Affected Systems

The vulnerability is documented for Upsonic version 0.71.6; version 0.72.0 adds a warning but no explicit confirmation that the flaw is mitigated. Only users running 0.71.6 are definitively impacted.

Risk and Exploitability

Based on the description, it is inferred that an attacker who can submit MCP tasks through the exposed interface can supply arbitrary command and args fields. The vulnerability allows any such crafted task to run with the privileges of the Upsonic process, enabling full compromise. The CVSS score of 9.8 signals critical severity, while an EPSS score of less than 1% indicates a low likelihood of exploitation in the wild. The flaw is not listed in CISA’s KEV catalog. Since the attack requires access to the MCP task submission API, limiting network exposure or enforcing authentication can reduce the risk of exploitation.

Generated by OpenCVE AI on April 18, 2026 at 17:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to version 0.72.0 or newer, or apply an official vendor fix if available.
  • If an upgrade is not immediately feasible, disable the custom command functionality in the MCP task configuration or enforce a stricter whitelist that excludes npm and npx or disallows flag arguments that can be leveraged for command injection.
  • Restrict network access to the MCP server to trusted administrators or internal networks to limit exposure to potential malicious task submissions.
  • Monitor system logs for anomalous MCP task creation and execution events to detect exploitation attempts.

Generated by OpenCVE AI on April 18, 2026 at 17:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-cw73-5f7h-m4gv Upsonic: remote code execution vulnerability in its MCP server/task creation functionality
History

Sat, 18 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via MCP Task Creation in Upsonic 0.71.6

Fri, 17 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
Title Remote Command Injection via MCP Task Creation in Upsonic 0.71.6
Weaknesses CWE-78

Thu, 16 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-77
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 15 Apr 2026 22:45:00 +0000

Type Values Removed Values Added
Title Remote Command Injection via MCP Task Creation in Upsonic 0.71.6
Weaknesses CWE-78

Wed, 15 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Upsonic
Upsonic upsonic
Vendors & Products Upsonic
Upsonic upsonic

Wed, 15 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Description Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Although an allowlist exists, certain allowed commands (npm, npx) accept argument flags that enable execution of arbitrary OS commands. Maliciously crafted MCP tasks may lead to remote code execution with the privileges of the Upsonic process. In version 0.72.0 Upsonic added a warning about using Stdio servers being able to execute commands directly on the machine.
References

Subscriptions

Upsonic Upsonic
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-16T13:55:52.158Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30625

cve-icon Vulnrichment

Updated: 2026-04-16T13:54:49.421Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-15T16:16:36.787

Modified: 2026-04-17T15:09:46.880

Link: CVE-2026-30625

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T17:30:05Z

Weaknesses