XixianLiang HarmonyOS-mcp-server input_text os command injection_CVE-2026-2131

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the argument text leads to os command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

Basic Information

ID CVE-2026-2131

Source VulDB

Published Feb 8, 2026 at 02:32

Affected Product

Vendor XixianLiang

Product HarmonyOS-mcp-server

Version 0.1.0

Affected Versions XixianLiang HarmonyOS-mcp-server 0.1.0

CWE Classification

CWE-78 CWE-77

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the argument text leads to os command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.",
    "published": "2026-02-08T02:32:07.119Z",
    "modified": "2026-02-08T02:32:07.119Z",
    "type": "cve",
    "title": "XixianLiang HarmonyOS-mcp-server input_text os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.344766\nhttps://vuldb.com/?ctiid.344766\nhttps://vuldb.com/?submit.747209\nhttps://github.com/scanleale/MCP_sec/blob/main/HarmonyOS-mcp-server%20RCE%20vulnerability.md",
    "id": "CVE-2026-2131",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "XixianLiang HarmonyOS-mcp-server 0.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HarmonyOS-mcp-server",
    "version": "0.1.0",
    "vendor": "XixianLiang",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}