Product
An OS command injection vulnerability exists in BurtTheCoder's mcp-dnstwist version 1.0.4 and earlier due to improper handling of the Request argument in the fuzz_domain function within src/index.ts, potentially allowing remote attackers to execute arbitrary commands.