GHSA-8JX2-RHFH-Q928
Vulnerability from github – Published: 2026-02-04 20:02 – Updated: 2026-02-05 00:37
VLAI?
Summary
godot-mcp has Command Injection via unsanitized projectPath
Details
Impact
A Command Injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input (e.g., projectPath) directly to exec(), which spawns a shell. An attacker could inject shell metacharacters like $(command) or &calc to execute arbitrary commands with the privileges of the MCP server process.
This affects any tool that accepts projectPath, including create_scene, add_node, load_sprite, and others.
Patches
Fixed in version 0.1.1 by switching from exec() to execFile(), which does not invoke a shell.
Workarounds
None. Users should upgrade immediately.
Resources
- https://github.com/Coding-Solo/godot-mcp/issues/64
- https://github.com/Coding-Solo/godot-mcp/pull/67
Severity ?
7.8 (High)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@coding-solo/godot-mcp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25546"
],
"database_specific": {
"cwe_ids": [
"CWE-78"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-04T20:02:32Z",
"nvd_published_at": "2026-02-04T22:16:00Z",
"severity": "HIGH"
},
"details": "### Impact \nA Command Injection vulnerability in godot-mcp allows remote code execution. The `executeOperation` function passed user-controlled input (e.g., `projectPath`) directly to `exec()`, which spawns a shell. An attacker could inject shell metacharacters like `$(command)` or `\u0026calc` to execute arbitrary commands with the privileges of the MCP server process. \n\nThis affects any tool that accepts `projectPath`, including `create_scene`, `add_node`, `load_sprite`, and others. \n\n### Patches \nFixed in version 0.1.1 by switching from `exec()` to `execFile()`, which does not invoke a shell. \n\n### Workarounds \nNone. Users should upgrade immediately. \n\n### Resources\n - https://github.com/Coding-Solo/godot-mcp/issues/64\n - https://github.com/Coding-Solo/godot-mcp/pull/67",
"id": "GHSA-8jx2-rhfh-q928",
"modified": "2026-02-05T00:37:12Z",
"published": "2026-02-04T20:02:32Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Coding-Solo/godot-mcp/security/advisories/GHSA-8jx2-rhfh-q928"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25546"
},
{
"type": "WEB",
"url": "https://github.com/Coding-Solo/godot-mcp/issues/64"
},
{
"type": "WEB",
"url": "https://github.com/Coding-Solo/godot-mcp/pull/67"
},
{
"type": "WEB",
"url": "https://github.com/Coding-Solo/godot-mcp/commit/21c785d923cfdb471ea60323c13807d62dfecc5a"
},
{
"type": "PACKAGE",
"url": "https://github.com/Coding-Solo/godot-mcp"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "godot-mcp has Command Injection via unsanitized projectPath"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…