CRITICAL 10.0

PYSEC-2026-551

terminal-controller-mcp vulnerable to Command Injection

상세

A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / terminal-controller

최초 영향 버전: 0

No fixed version published yet for terminal-controller (pip). Pin to a known-safe version or switch to an alternative.

참고

https://nvd.nist.gov/vuln/detail/CVE-2025-61492 [ADVISORY]
https://github.com/GongRzhe/terminal-controller-mcp/issues/7 [WEB]
https://github.com/cfdude/super-shell-mcp/issues/19 [WEB]
https://github.com/GongRzhe/terminal-controller-mcp [PACKAGE]
https://pypi.org/project/terminal-controller [PACKAGE]
https://github.com/advisories/GHSA-h4rf-624j-gj33 [ADVISORY]