Description
Penpot is an open-source design tool for design and code collaboration. Prior to 2.15.0, Penpot MCP's mcp/packages/server/src/ReplServer.ts bound the ReplServer to 0.0.0.0:4403 and exposed an unauthenticated /execute endpoint that passed the code field to PluginBridge.executePluginTask(), allowing anyone on the network to execute JavaScript on the server. This issue is fixed in version 2.15.0.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-22qr-rp27-j9wm | PenPot MCP REPL server binds to 0.0.0.0 with unauthenticated /execute endpoint — RCE |
References
History
Wed, 15 Jul 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Penpot
Penpot penpot |
|
| Vendors & Products |
Penpot
Penpot penpot |
Wed, 15 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Penpot is an open-source design tool for design and code collaboration. Prior to 2.15.0, Penpot MCP's mcp/packages/server/src/ReplServer.ts bound the ReplServer to 0.0.0.0:4403 and exposed an unauthenticated /execute endpoint that passed the code field to PluginBridge.executePluginTask(), allowing anyone on the network to execute JavaScript on the server. This issue is fixed in version 2.15.0. | |
| Title | Penpot: MCP REPL server binds to 0.0.0.0 with unauthenticated /execute endpoint — RCE | |
| Weaknesses | CWE-749 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-15T15:44:45.199Z
Reserved: 2026-05-13T08:19:32.604Z
Link: CVE-2026-45805
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-15T19:15:14Z
Weaknesses
-
CWE-749
Exposed Dangerous Method or Function
Github GHSA