CVE-2026-4199 - Vulnerability Details

- bazinga012 mcp_code_executor index.ts installDependencies command injection

Description

A vulnerability was identified in bazinga012 mcp_code_executor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command injection. The attack can only be performed from a local environment. The exploit is publicly available and might be used. It is best practice to apply a patch to resolve this issue. The project was informed of the problem early through an issue report but has not responded yet.

Published: 2026-03-16

Score: 4.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The affected function, installDependencies in src/index.ts, builds shell commands from user provided arguments without proper validation. This flaw allows an attacker with local access to execute arbitrary commands on the host. The vulnerability is classified in the Common Weakness Enumeration as CWE‑74 (Improper Neutralization of Special Elements) and CWE‑77 (Improper Neutralization of Command Injection).

Affected Systems

The package bazinga012:mcp_code_executor is vulnerable in all releases up to and including version 0.3.0. Any installation of the software on a local machine that has not been updated beyond this version remains at risk.

Risk and Exploitability

The CVSS score of 4.8 indicates moderate severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation is possible only from a local environment, but the attack code is available publicly on the project’s GitHub repository, meaning an attacker who gains local foothold could leverage it to elevate privileges or compromise the system.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

bazinga012

mcp_code_executor

affected

Version	Status	Constraints
`0.1`	affected	—
`0.2`	affected	—
`0.3.0`	affected	—

No data.

Vendor Product Confidence Versions

Bazinga012

Mcp Code Executor

100%

Version	Status	Scheme	Platform
`0.1`	affected	generic	—
`0.2`	affected	generic	—
`0.3.0`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check the project repository for an updated release that addresses the command injection issue and upgrade to a version newer than 0.3.0.
If no patch is available, disable or remove the installDependencies function from the code base to eliminate the injection vector.
Sanitize all input passed to installDependencies or replace the shell invocation with a safer API such as child_process.execFile.
Run the application with the least privilege possible or within a container to limit the impact of a potential injection.
Monitor the GitHub issue tracker and any security advisory PDFs for updates or new patches.

Generated by OpenCVE AI on March 17, 2026 at 00:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00372.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/bazinga012/mcp_code_executor/
https://github.com/bazinga012/mcp_code_executor/issues/17
https://github.com/bazinga012/mcp_code_executor/pull/18/commits/a94ec2fea318597646ba1c44d8e44eb1c9196d20
https://github.com/user-attachments/files/25931133/mcp_code_executor_security_advisory.pdf
https://vuldb.com/?ctiid.351111
https://vuldb.com/?id.351111
https://vuldb.com/?submit.770424

History

Tue, 17 Mar 2026 10:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Bazinga012 Bazinga012 mcp Code Executor
Vendors & Products		Bazinga012 Bazinga012 mcp Code Executor

Mon, 16 Mar 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 16 Mar 2026 00:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was identified in bazinga012 mcp_code_executor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command injection. The attack can only be performed from a local environment. The exploit is publicly available and might be used. It is best practice to apply a patch to resolve this issue. The project was informed of the problem early through an issue report but has not responded yet.
Title		bazinga012 mcp_code_executor index.ts installDependencies command injection
Weaknesses		CWE-74 CWE-77
References		https://github.com/bazinga012/mcp_code_executor/ https://github.com/bazinga012/mcp_code_executor/issues/17 https://github.com/bazinga012/mcp_code_executor/pull/18/commits/a94ec2fea318597646ba1c44d8e44eb1c9196d20 https://github.com/user-attachments/files/25931133/mcp_code_executor_security_advisory.pdf https://vuldb.com/?ctiid.351111 https://vuldb.com/?id.351111 https://vuldb.com/?submit.770424
Metrics		cvssV2_0 `{'score': 4.3, 'vector': 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}` cvssV3_0 `{'score': 5.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}` cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}` cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Bazinga012 Mcp Code Executor

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-16T00:02:10.776Z

Updated: 2026-03-16T20:07:05.441Z

Reserved: 2026-03-15T08:32:38.885Z

Link: CVE-2026-4199

Vulnrichment

Updated: 2026-03-16T20:06:54.476Z

NVD

Status : Deferred

Published: 2026-03-16T14:20:04.617

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-4199

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T14:00:51Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object