Vendor
The Penpot MCP module's ReplServer binds to all interfaces and exposes an unauthenticated /execute endpoint, allowing remote attackers to execute arbitrary code by sending a POST request with JavaScript code, leading to potential information disclosure and command execution.