Description
A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and execute it via child_process.exec() using the specified language interpreter. This allows execution of arbitrary code with the privileges of the user running the server. This vulnerability has not been fixed and might affect the project in all versions.
Published: 2026-05-12
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A remote code execution flaw exists in Code Runner MCP Server when started with the --transport http option, exposing the /mcp JSON‑RPC endpoint without authentication on port 3088. An unauthenticated attacker can call run‑code to pass arbitrary source code, which the server executes through child_process.exec() using the language interpreter. The result is full execution of attacker‑supplied code with the privileges of the user running the server, meeting the criteria for a high‑severity denial of remote or local access vulnerability.

Affected Systems

The vulnerability targets Code Runner MCP Server in all versions that support the --transport http flag. The unprotected JSON‑RPC endpoint is accessible directly on TCP port 3088 when the server is run with this option, regardless of the operating system or deployment environment.

Risk and Exploitability

The CVSS score of 8.7 indicates a high risk to confidentiality, integrity, and availability. Although no EPSS value is provided, the lack of authentication combined with the ability to execute arbitrary code makes exploitation likely in a network where the service is exposed. The issue is not currently listed in CISA KEV, but its severity warrants immediate attention. An attacker can remotely invoke the vulnerable endpoint, supply any source code, and cause it to run with local privileges, potentially compromising the entire host.

Generated by OpenCVE AI on May 12, 2026 at 10:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable the --transport http option or run the server with a transport that requires authentication.
  • Configure firewall or network policies to limit inbound traffic on port 3088 to trusted hosts only.
  • Apply vendor updates or patches as soon as they become available; monitor the vendor’s advisories for an official fix.

Generated by OpenCVE AI on May 12, 2026 at 10:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 12 May 2026 09:30:00 +0000

Type Values Removed Values Added
Description A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and execute it via child_process.exec() using the specified language interpreter. This allows execution of arbitrary code with the privileges of the user running the server. This vulnerability has not been fixed and might affect the project in all versions.
Title RCE in Code Runner MCP Server
Weaknesses CWE-306
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-05-12T12:30:11.351Z

Reserved: 2026-03-27T15:32:29.167Z

Link: CVE-2026-5029

cve-icon Vulnrichment

Updated: 2026-05-12T12:30:08.332Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-12T10:16:47.310

Modified: 2026-05-12T14:15:46.747

Link: CVE-2026-5029

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T10:45:14Z

Weaknesses