GHSA-v6wj-c83f-v46x: Critical OS Command Injection in @profullstack/mcp-server domain_lookup Module
Vulnerability ID: GHSA-V6WJ-C83F-V46X
CVSS Score: 9.8
Published: 2026-05-09
A critical unauthenticated OS Command Injection vulnerability (CWE-78) exists in the @profullstack/mcp-server npm package, specifically within the domain_lookup module. The vulnerability allows remote attackers to execute arbitrary commands on the host system via crafted HTTP requests.
TL;DR
The @profullstack/mcp-server package (versions <= 1.4.12) is vulnerable to unauthenticated OS Command Injection. The domain_lookup module unsafely concatenates user-supplied input into a shell command, enabling remote code execution.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-78
- Attack Vector: Network
- CVSS Score: 9.8 (Critical)
- Impact: Arbitrary Remote Code Execution
- Exploit Status: Proof of Concept Available
- Privileges Required: None
Affected Systems
- @profullstack/mcp-server npm package
- @profullstack/mcp-server: <= 1.4.12
Mitigation Strategies
- Replace child_process.exec with child_process.spawn to pass arguments safely as arrays.
- Implement strict regex-based input validation for domain names enforcing RFC 1035 compliance.
- Enforce global authentication middleware across all modular endpoints.
- Execute the Node.js server process under a dedicated, unprivileged user account.
Remediation Steps:
- Identify all deployments running @profullstack/mcp-server versions <= 1.4.12.
- Modify service.js to utilize child_process.spawn instead of execAsync.
- Implement a regex validation check (e.g., /^[a-zA-Z0-9.-]+$/) on the domains and keywords input arrays.
- Restart the Node.js application process.
- Review system logs and process trees for unauthorized executions or shell spawns indicating prior compromise.
References
Read the full report for GHSA-V6WJ-C83F-V46X on our website for more details including interactive diagrams and full exploit analysis.
Top comments (0)