Threats Tagged 'cve-2026-30625'
View all threats tagged with 'cve-2026-30625'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-30625'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-30625: n/aCVE-2026-30625 0 Upsonic version 0. 71. 6 contains a critical remote code execution vulnerability in its MCP server/task creation functionality. The vulnerability arises because users can define MCP tasks with arbitrary command and argument values. Although an allowlist restricts commands, some allowed commands like npm and npx accept argument flags that enable execution of arbitrary OS commands. This can lead to remote code execution with the privileges of the Upsonic process. Version 0. 72. 0 introduced a warning about the risks of using Stdio servers that can execute commands directly on the host machine. No official patch or remediation has been confirmed yet. Join the discussion | CVE Database V5 | 04/15/2026, 00:00:00 UTC Added: 04/15/2026, 15:31:52 UTC |
Showing 1 to 1 of 1 result