CVE-2026-2130

Summary

A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.12. This affects an unknown part of the file src/index.ts of the component search_username. Executing a manipulation of the argument Username can lead to command injection. The attack may be launched remotely. Upgrading to version 1.0.13 is able to mitigate this issue. This patch is called b1ae073c4b3e789ab8de36dc6ca8111ae9399e7a. Upgrading the affected component is advised.

Affected Software

VendorProductVersion RangeStatus
BurtTheCodermcp-maigret1.0.0affected
BurtTheCodermcp-maigret1.0.1affected
BurtTheCodermcp-maigret1.0.2affected
BurtTheCodermcp-maigret1.0.3affected
BurtTheCodermcp-maigret1.0.4affected
BurtTheCodermcp-maigret1.0.5affected
BurtTheCodermcp-maigret1.0.6affected
BurtTheCodermcp-maigret1.0.7affected
BurtTheCodermcp-maigret1.0.8affected
BurtTheCodermcp-maigret1.0.9affected
BurtTheCodermcp-maigret1.0.10affected
BurtTheCodermcp-maigret1.0.11affected
BurtTheCodermcp-maigret1.0.12affected
BurtTheCodermcp-maigret1.0.13unaffected

Weaknesses

  • CWE-77: Command Injection
  • CWE-74: Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References