CVE-2025-61489

A command injection vulnerability in the shell_exec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string.

Published Jan 13, 2026

https://github.com/sonirico/mcp-shell/issues/4 https://github.com/advisories/GHSA-573w-fmhg-vxq2

CVSS ScoreMedium

6.5

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-61489

A command injection vulnerability in the shell_exec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string.

Published Jan 13, 2026

https://github.com/sonirico/mcp-shell/issues/4 https://github.com/advisories/GHSA-573w-fmhg-vxq2

CVSS ScoreMedium

6.5


golang	github.com/sonirico/mcp-shell	v0.3.1

Ecosystem	Package	Version


golang	github.com/sonirico/mcp-shell	v0.3.1

Find vulnerabilities. Fix fast with AI.

CVE-2025-61489

CVE-2025-61489