NVD Vulnerability Detail

Search Exploit, PoC

Exploit DB

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-30635

Summary	Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the view_task (aka view) in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGE_BASE_URL.
Publication Date	May 12, 2026, 3:16 a.m.
Registration Date	May 12, 2026, 4:14 a.m.
Last Update	May 12, 2026, 3:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://gist.github.com/spdc-elm/3ddecd10ffa85c5963ab7fe531619875	cve@mitre.org

Common Vulnerabilities List