CVE 9.7 CRITICAL

Dive allows One-click Remote Code Execution through Deep Links for MCP Install_CVE-2026-23523

January 16, 2026 invoker category_cve

9.7 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the victim’s machine. This vulnerability is fixed in 0.13.0.

AI Analysis

Arbitrary local command execution vulnerability through crafted deeplink

Basic Information

ID CVE-2026-23523

Source GitHub_M

Published Jan 16, 2026 at 16:29

Modified Jan 16, 2026 at 16:47

Affected Product

Vendor OpenAgentPlatform

Product Dive

Version < 0.13.0

Affected Versions OpenAgentPlatform Dive < 0.13.0

CWE Classification

CWE-94

AI Assessment

AI Score 9.7 / 10

AI Severity Critical

Vendor OpenAgentPlatform

Product Dive

Version < 0.13.0

References

{
    "lastseen": "",
    "description": "Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the victim\u2019s machine. This vulnerability is fixed in 0.13.0.",
    "published": "2026-01-16T16:29:48.433Z",
    "modified": "2026-01-16T16:47:34.560Z",
    "type": "cve",
    "title": "Dive allows One-click Remote Code Execution through Deep Links for MCP Install",
    "source": "GitHub_M",
    "references": "https://github.com/OpenAgentPlatform/Dive/security/advisories/GHSA-pjj5-f3wm-f9m8\nhttps://github.com/OpenAgentPlatform/Dive/commit/a5162ac9eff366d8ea1215b8a47139a81a55a779",
    "id": "CVE-2026-23523",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "OpenAgentPlatform Dive < 0.13.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.7,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Dive",
    "version": "< 0.13.0",
    "vendor": "OpenAgentPlatform",
    "ai_description": "Arbitrary local command execution vulnerability through crafted deeplink",
    "ai_severity": "Critical",
    "ai_vendor": "OpenAgentPlatform",
    "ai_product": "Dive",
    "ai_version": "< 0.13.0",
    "ai_score": 9.7
}

💭 Join the Security Discussion ❌ Cancel Reply