CVE-2026-3680 is a command injection vulnerability affecting the RyuzakiShinji biome-mcp-server up to version 1.0.0. The vulnerability resides in an unspecified functionality within the biome-mcp-server.ts source file, which processes input in a way that allows an attacker to inject and execute arbitrary system commands remotely. This flaw does not require user interaction or prior authentication, making it accessible to unauthenticated remote attackers over the network. The vulnerability was publicly disclosed on March 7, 2026, with a CVSS 4.0 score of 5.3, indicating a medium severity level. The attack vector is network-based with low attack complexity, but it requires low privileges, and the impact on confidentiality, integrity, and availability is limited but non-negligible. Although no active exploitation has been observed, the public availability of exploit code increases the risk of future attacks. The vendor has released a patch identified by commit 335e1727147efeef011f1ff8b05dd751d8a660be to fix the issue. The vulnerability highlights the importance of secure input validation and command execution handling in server software to prevent injection attacks.

If exploited, this vulnerability could allow remote attackers to execute arbitrary commands on the affected biome-mcp-server system, potentially leading to unauthorized access, data leakage, or disruption of service. The ability to run arbitrary commands could enable attackers to manipulate server operations, exfiltrate sensitive data, or pivot to other internal systems. Although the CVSS score indicates a medium severity, the lack of required user interaction and authentication increases the risk profile. Organizations relying on biome-mcp-server for critical infrastructure or services may face operational disruptions or compromise of sensitive information. The public release of exploit code further elevates the threat, as less skilled attackers could leverage it to conduct attacks. The scope of impact depends on the deployment scale of biome-mcp-server and the sensitivity of the data or services it supports.

To mitigate this vulnerability, organizations should immediately apply the official patch identified by commit 335e1727147efeef011f1ff8b05dd751d8a660be provided by RyuzakiShinji. In addition to patching, it is recommended to implement strict input validation and sanitization on all data processed by biome-mcp-server to prevent injection of malicious commands. Network-level controls such as firewall rules should restrict access to the biome-mcp-server to trusted IP addresses only, minimizing exposure to untrusted networks. Monitoring and logging of server activity should be enhanced to detect anomalous command execution attempts. Where possible, run the biome-mcp-server with the least privileges necessary to limit the impact of any successful exploitation. Regular security audits and code reviews focusing on command execution paths can help identify and remediate similar issues proactively.