CVE-2026-4198

Published
View on NVD ↗
CVSS v3
5.3
MEDIUM
CVSS v2
4.3
MEDIUM
Affected
2
PROJECTS

Description

A vulnerability was determined in hypermodel-labs mcp-server-auto-commit 1.0.0. Affected by this vulnerability is the function getGitChanges of the file index.ts. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: f7d992c830c5f2ec5749852e66c0195e3ed7fe30. Applying a patch is the recommended action to fix this issue. The project was informed of the problem early through an issue report but has not responded yet.

user-attachments/files
user-attachments/filesUNAVAILABLE
upload file to github
GitHubGitHub
3
hypermodel-labs/mcp-server-auto-commit
hypermodel-labs/mcp-server-auto-commit
An mcp server that auto commits changes and creates commit message in the form of conventional commits (https://www.conventionalcommits.org/en/v1.0.0/)
GitHubGitHub
14