{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/profullstack/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["@profullstack/mcp-server (\u003c= 1.4.12)"],"_cs_severities":["critical"],"_cs_tags":["command-injection","rce","web-application"],"_cs_type":"advisory","_cs_vendors":["profullstack"],"content_html":"\u003cp\u003eThe \u003ccode\u003e@profullstack/mcp-server\u003c/code\u003e package is vulnerable to OS Command Injection within the \u003ccode\u003edomain_lookup\u003c/code\u003e module. Specifically, the application fails to sanitize user-provided input passed via the \u003ccode\u003edomains\u003c/code\u003e and \u003ccode\u003ekeywords\u003c/code\u003e parameters to the \u003ccode\u003e/domain-lookup/check\u003c/code\u003e and \u003ccode\u003e/domain-lookup/bulk\u003c/code\u003e endpoints. This unsanitized input is then concatenated into a shell command string and executed using \u003ccode\u003eexecAsync()\u003c/code\u003e. The server binds to \u003ccode\u003e0.0.0.0\u003c/code\u003e without global authentication middleware. This vulnerability, identified as CWE-78, allows unauthenticated remote attackers to inject arbitrary OS commands, potentially leading to complete system compromise. Version 1.4.12 and earlier are affected.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker sends a POST request to \u003ccode\u003e/domain-lookup/check\u003c/code\u003e or \u003ccode\u003e/domain-lookup/bulk\u003c/code\u003e with a crafted JSON payload.\u003c/li\u003e\n\u003cli\u003eThe JSON payload contains a \u003ccode\u003edomains\u003c/code\u003e or \u003ccode\u003ekeywords\u003c/code\u003e array, with malicious commands injected using shell metacharacters (e.g., \u003ccode\u003e;\u003c/code\u003e, \u003ccode\u003e|\u003c/code\u003e, \u003ccode\u003e$()\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ebuildTldxCommand()\u003c/code\u003e function in \u003ccode\u003emcp_modules/domain_lookup/src/service.js\u003c/code\u003e concatenates the attacker-controlled input directly into a command string without sanitization.\u003c/li\u003e\n\u003cli\u003eThe resulting command string is passed to the \u003ccode\u003eexecAsync()\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eexecAsync()\u003c/code\u003e executes the command using \u003ccode\u003e/bin/sh\u003c/code\u003e, interpreting the injected shell metacharacters.\u003c/li\u003e\n\u003cli\u003eArbitrary OS commands are executed with the privileges of the server process.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform actions such as reading sensitive files, creating new files, or establishing outbound network connections.\u003c/li\u003e\n\u003cli\u003eSuccessful exploitation results in unauthenticated remote code execution, potentially leading to full system compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows for unauthenticated remote code execution with the privileges of the server process. This could lead to full read/write access to any file the server process can access, potentially sensitive information disclosure, credential theft, persistence, and lateral movement within the network. The CVSS 3.1 score is 9.8 (Critical). This vulnerability is easily reproducible with a single unauthenticated HTTP POST request to either of the documented endpoints.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a patched version of \u003ccode\u003e@profullstack/mcp-server\u003c/code\u003e that addresses the command injection vulnerability.\u003c/li\u003e\n\u003cli\u003eImplement input validation on the \u003ccode\u003edomains\u003c/code\u003e and \u003ccode\u003ekeywords\u003c/code\u003e parameters to reject any input containing shell metacharacters.\u003c/li\u003e\n\u003cli\u003eUse \u003ccode\u003echild_process.execFile\u003c/code\u003e or \u003ccode\u003espawn('tldx', [keyword1, keyword2, ...])\u003c/code\u003e instead of \u003ccode\u003eexecAsync(command)\u003c/code\u003e to avoid shell interpretation.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided in this brief to detect exploitation attempts targeting the affected endpoints and parameters.\u003c/li\u003e\n\u003cli\u003eImplement global authentication middleware to prevent anonymous access to HTTP-exposed modules.\u003c/li\u003e\n\u003cli\u003eModify the server to bind to \u003ccode\u003e127.0.0.1\u003c/code\u003e by default to reduce the attack surface and require explicit opt-in for non-loopback bindings.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-09T00:42:12Z","date_published":"2026-05-09T00:42:12Z","id":"/briefs/2026-05-profullstack-rce/","summary":"The @profullstack/mcp-server is vulnerable to OS Command Injection in the domain_lookup module, allowing unauthenticated remote attackers to execute arbitrary OS commands as the server process by injecting shell metacharacters into the domains/keywords parameters via the POST /domain-lookup/check and /domain-lookup/bulk endpoints.","title":"@profullstack/mcp-server OS Command Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-profullstack-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Profullstack","version":"https://jsonfeed.org/version/1.1"}