Description
Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the view_task (aka view) in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGE_BASE_URL.
Published: 2026-05-11
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The automagik-genie 2.5.27 MCP Server contains an OS command-injection flaw (CWE-78) in the readTranscriptFromCommit routine in dist/mcp/server.js. When a view_task (aka view) request causes the server to read a transcript from an external FORGE_BASE_URL, attacker-controlled input reaches a shell command, so arbitrary commands run with the privileges of the server process. This can yield full control over the host, compromising confidentiality, integrity and availability.

Affected Systems

Only the automagik-genie 2.5.27 MCP Server is listed as affected; no other vendors, products or versions are given in the record.

Risk and Exploitability

The CVSS 3.1 base score of 8.1 (vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates high severity: the flaw is reachable over the network with no privileges or user interaction required, but with high attack complexity. The EPSS score is below 1% and the vulnerability is not listed in CISA KEV, suggesting limited exploitation activity at present, although the SSVC record notes that a proof of concept exists (Exploitation: poc). The attack vector is remote access to the MCP Server's view_task endpoint from any network location that can reach the server; a crafted view_task request that makes the server read from a malicious FORGE_BASE_URL results in arbitrary command execution on the host.

Generated by OpenCVE AI on May 12, 2026 at 16:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a vendor‑supplied fix when one becomes available
  • Restrict the FORGE_BASE_URL parameter to trusted internal URLs or disable external URL fetches
  • Implement strict input validation or allowlisting for the view_task endpoint, so that untrusted input never reaches a shell command
  • Monitor logs for unexpected command execution patterns originating from external sources
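As an added illustration of the second and third recommendations (example code, not automagik-genie's own), a guard that a view_task handler could run before any transcript read is attempted; the trusted host list, the function name and its return shape are assumptions for illustration:

```javascript
// Added example (not automagik-genie's own code): enforce the
// "restrict FORGE_BASE_URL to trusted internal URLs" recommendation before a
// view_task request is allowed to trigger a transcript read.

// Constructed allowlist: the forge instances this server may talk to (assumption).
const TRUSTED_FORGE_HOSTS = new Set(["forge.internal.example", "localhost"]);

// Characters that must never reach a shell. An allowlisted URL should not
// contain them anyway; rejecting them explicitly documents the intent.
const SHELL_META = /[;&|`$(){}<>\\'"\s]/;

function validateForgeBaseUrl(raw, trustedHosts = TRUSTED_FORGE_HOSTS) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    return { ok: false, reason: "missing or oversized value" };
  }
  if (SHELL_META.test(raw)) {
    return { ok: false, reason: "contains shell metacharacters or whitespace" };
  }
  let url;
  try {
    url = new URL(raw); // WHATWG URL parser, global in Node.js and browsers
  } catch {
    return { ok: false, reason: "not an absolute URL" };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { ok: false, reason: `unsupported scheme ${url.protocol}` };
  }
  if (url.username || url.password) {
    return { ok: false, reason: "embedded credentials not allowed" };
  }
  if (!trustedHosts.has(url.hostname)) {
    return { ok: false, reason: `host ${url.hostname} is not allowlisted` };
  }
  // Hand back a normalized origin so callers never forward the raw string.
  return { ok: true, baseUrl: url.origin };
}
```

A handler would call this once per request and refuse the view_task when `ok` is false; the same check also makes it easy to log every rejected value for the monitoring recommended above.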

Advisories

No advisories yet.

History

Tue, 12 May 2026 16:30:00 +0000
  Title: Command Injection via view_task Endpoint in automagik-genie 2.5.27 MCP Server

Tue, 12 May 2026 14:15:00 +0000
  Metrics:
    cvssV3_1: {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}
    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 12 May 2026 10:45:00 +0000
  First Time appeared: Namastexlabs; Namastexlabs automagik-genie
  Vendors & Products: Namastexlabs; Namastexlabs automagik-genie

Mon, 11 May 2026 21:15:00 +0000
  Title: Command Injection via view_task Endpoint in automagik-genie 2.5.27 MCP Server
  Weaknesses: CWE-78

Mon, 11 May 2026 18:00:00 +0000
  Description: Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the view_task (aka view) in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGE_BASE_URL.
  References:

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-12T13:39:32.134Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30635

Vulnrichment

Updated: 2026-05-12T13:39:11.971Z

NVD

Status: Received

Published: 2026-05-11T18:16:31.660

Modified: 2026-05-12T14:17:01.433

Link: CVE-2026-30635

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T16:15:19Z

Weaknesses