FKIE_CVE-2026-27203

Vulnerability from fkie_nvd - Published: 2026-02-21 00:16 - Updated: 2026-04-15 00:35
Severity
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Summary
eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebay_set_user_tokens tool allows updating the .env file with new tokens. The updateEnvFile function in src/auth/oauth.ts blindly appends or replaces values without validating them for newlines or quotes. This allows an attacker to inject arbitrary environment variables into the configuration file. An attacker can inject arbitrary environment variables into the .env file. This could lead to configuration overwrites, Denial of Service, and potential RCE. There was no fix for this issue at the time of publication.
References
security-advisories@github.comhttps://github.com/YosefHayim/ebay-mcp/commit/aab0bda75ea9dd27aa37d0d8524d7cf41b3c4a9a
security-advisories@github.comhttps://github.com/YosefHayim/ebay-mcp/security/advisories/GHSA-97rm-xj73-33jh
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay\u0027s Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebay_set_user_tokens tool allows updating the .env file with new tokens. The updateEnvFile function in src/auth/oauth.ts blindly appends or replaces values without validating them for newlines or quotes. This allows an attacker to inject arbitrary environment variables into the configuration file. An attacker can inject arbitrary environment variables into the .env file. This could lead to configuration overwrites, Denial of Service, and potential RCE. There was no fix for this issue at the time of publication."
    },
    {
      "lang": "es",
      "value": "eBay API MCP Server es un servidor MCP local de c\u00f3digo abierto que proporciona a los asistentes de IA acceso completo a las API de venta de eBay. Todas las versiones son vulnerables a la Inyecci\u00f3n de Variables de Entorno a trav\u00e9s de la funci\u00f3n updateEnvFile. La herramienta ebay_set_user_tokens permite actualizar el archivo .env con nuevos tokens. La funci\u00f3n updateEnvFile en src/auth/oauth.ts a\u00f1ade o reemplaza valores ciegamente sin validarlos en busca de saltos de l\u00ednea o comillas. Esto permite a un atacante inyectar variables de entorno arbitrarias en el archivo de configuraci\u00f3n. Un atacante puede inyectar variables de entorno arbitrarias en el archivo .env. Esto podr\u00eda llevar a sobrescrituras de configuraci\u00f3n, Denegaci\u00f3n de Servicio y potencial RCE. No hab\u00eda una soluci\u00f3n para este problema en el momento de la publicaci\u00f3n."
    }
  ],
  "id": "CVE-2026-27203",
  "lastModified": "2026-04-15T00:35:42.020",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.5,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-21T00:16:17.463",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/YosefHayim/ebay-mcp/commit/aab0bda75ea9dd27aa37d0d8524d7cf41b3c4a9a"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/YosefHayim/ebay-mcp/security/advisories/GHSA-97rm-xj73-33jh"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-15"
        },
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.