{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/54yyyu/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7812"}],"_cs_exploited":false,"_cs_products":["code-mcp"],"_cs_severities":["high"],"_cs_tags":["command-injection","web-application","cve-2026-7812"],"_cs_type":"advisory","_cs_vendors":["54yyyu"],"content_html":"\u003cp\u003eA command injection vulnerability has been identified in 54yyyu\u0026rsquo;s code-mcp, specifically affecting versions up to commit 4cfc4643541a110c906d93635b391bf7e357f4a8. The vulnerability resides in the \u003ccode\u003egit_operation\u003c/code\u003e function within \u003ccode\u003esrc/code_mcp/server.py\u003c/code\u003e of the MCP Tool component. This flaw allows a remote attacker to inject and execute arbitrary commands by manipulating the \u003ccode\u003eoperation\u003c/code\u003e argument. The exploit is publicly available, increasing the risk of exploitation. 54yyyu employs a continuous delivery model with rolling releases, making it difficult to pinpoint specific vulnerable versions and updated releases. The project maintainers were notified of the vulnerability through an issue report but have not yet provided a response or patch.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a publicly accessible instance of 54yyyu code-mcp running a vulnerable version (\u0026lt;= 4cfc4643541a110c906d93635b391bf7e357f4a8).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003egit_operation\u003c/code\u003e function in \u003ccode\u003esrc/code_mcp/server.py\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe malicious request includes a crafted \u003ccode\u003eoperation\u003c/code\u003e argument containing shell commands.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003egit_operation\u003c/code\u003e function, without proper sanitization, passes the attacker-controlled \u003ccode\u003eoperation\u003c/code\u003e argument to a system call.\u003c/li\u003e\n\u003cli\u003eThe system executes the injected commands, potentially allowing the attacker to execute arbitrary code on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker gains initial access and may attempt to escalate privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker moves laterally within the network, compromising other systems and data.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves their final objective, which could include data exfiltration, ransomware deployment, or system disruption.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows a remote attacker to execute arbitrary commands on the affected system. Due to the lack of specific versioning information and response from the vendor, the exact number of vulnerable installations is unknown. This vulnerability could lead to complete system compromise, data breaches, and potential disruption of services, impacting any organization using the affected 54yyyu code-mcp software.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInspect web server logs for suspicious POST requests to the \u003ccode\u003egit_operation\u003c/code\u003e endpoint in \u003ccode\u003esrc/code_mcp/server.py\u003c/code\u003e containing shell command injection attempts, and deploy the \u003ccode\u003eDetect Suspicious Git Operation Requests\u003c/code\u003e Sigma rule.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for unusual processes spawned by the code-mcp application or related processes, using the \u003ccode\u003eDetect Suspicious Processes Spawned by Code-MCP\u003c/code\u003e Sigma rule.\u003c/li\u003e\n\u003cli\u003eSince no patch is available, consider implementing input validation and sanitization on the \u003ccode\u003eoperation\u003c/code\u003e argument within the \u003ccode\u003egit_operation\u003c/code\u003e function or consider isolating the affected service until a patch is released.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-05T05:16:00Z","date_published":"2026-05-05T05:16:00Z","id":"/briefs/2026-05-code-mcp-command-injection/","summary":"A command injection vulnerability (CVE-2026-7812) exists in the git_operation function of 54yyyu code-mcp's MCP Tool, allowing remote attackers to execute arbitrary commands by manipulating the operation argument.","title":"54yyyu code-mcp Command Injection Vulnerability (CVE-2026-7812)","url":"https://feed.craftedsignal.io/briefs/2026-05-code-mcp-command-injection/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-7811"}],"_cs_exploited":false,"_cs_products":["code-mcp"],"_cs_severities":["high"],"_cs_tags":["path-traversal","web-application","CVE-2026-7811"],"_cs_type":"advisory","_cs_vendors":["54yyyu"],"content_html":"\u003cp\u003eA path traversal vulnerability, identified as CVE-2026-7811, has been discovered in 54yyyu code-mcp, affecting versions up to commit 4cfc4643541a110c906d93635b391bf7e357f4a8. This flaw resides within the \u003ccode\u003eis_safe_path\u003c/code\u003e function in \u003ccode\u003esrc/code_mcp/server.py\u003c/code\u003e, a part of the MCP File Handler component. The vulnerability enables remote attackers to bypass security restrictions and potentially access unauthorized files and directories on the server.  The exploit is publicly known. The vendor employs rolling releases, making specific version details unavailable, and has not yet responded to the initial vulnerability report. This lack of response and public exploit availability poses a significant risk to systems running the affected code-mcp versions.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable instance of 54yyyu code-mcp running a version with the affected \u003ccode\u003eis_safe_path\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the MCP File Handler, specifically designed to invoke the vulnerable \u003ccode\u003eis_safe_path\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe crafted request includes a path containing directory traversal sequences (e.g., \u003ccode\u003e../\u003c/code\u003e) intended to bypass the path validation logic.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eis_safe_path\u003c/code\u003e function fails to properly sanitize the input path, allowing the traversal sequences to be processed.\u003c/li\u003e\n\u003cli\u003eThe application attempts to access a file or directory outside of the intended base directory based on the attacker-controlled path.\u003c/li\u003e\n\u003cli\u003eThe server reads the contents of the file or directory and includes it in the HTTP response.\u003c/li\u003e\n\u003cli\u003eThe attacker receives the sensitive information, such as configuration files or source code.\u003c/li\u003e\n\u003cli\u003eThe attacker can then use this information to further compromise the system or network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this path traversal vulnerability can allow attackers to read sensitive files from the server hosting the 54yyyu code-mcp application. This may include configuration files, source code, or other data that could aid in further attacks, such as privilege escalation or lateral movement. Since the exploit is publicly available, unpatched systems are at immediate risk of compromise. The number of affected installations and the specific sectors impacted are currently unknown, but the potential for data breaches and system compromise is significant.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Code-mcp Path Traversal Attempt\u003c/code\u003e to identify requests containing suspicious path traversal sequences in the \u003ccode\u003ecs-uri-query\u003c/code\u003e field of web server logs.\u003c/li\u003e\n\u003cli\u003eEnable web server logging to capture HTTP requests and responses, which is required for the Sigma rule to function correctly (logsource: \u003ccode\u003ewebserver\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eSince specific patched versions are unavailable due to the rolling release model, monitor the vendor\u0026rsquo;s code repository for updates to the \u003ccode\u003eis_safe_path\u003c/code\u003e function in \u003ccode\u003esrc/code_mcp/server.py\u003c/code\u003e and deploy the updated code as soon as it becomes available.\u003c/li\u003e\n\u003cli\u003eImplement a web application firewall (WAF) rule to block requests containing path traversal sequences like \u003ccode\u003e../\u003c/code\u003e in URL parameters to mitigate the risk proactively.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-03-code-mcp-path-traversal/","summary":"A path traversal vulnerability exists in the is_safe_path function of the MCP File Handler component in 54yyyu code-mcp, allowing remote attackers to access sensitive files.","title":"54yyyu code-mcp Path Traversal Vulnerability (CVE-2026-7811)","url":"https://feed.craftedsignal.io/briefs/2024-01-03-code-mcp-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — 54yyyu","version":"https://jsonfeed.org/version/1.1"}