CVE-2026-3959

A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The manipulation results in os command injection. The attack needs to be approached locally. The exploit has been made public and could be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.

CVSS v3 5.3 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 3.1 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/0xKoda/WireMCP/
https://github.com/0xKoda/WireMCP/issues/12
https://github.com/user-attachments/files/25571315/WireMCP_security_advisory.pdf
https://vuldb.com/?ctiid.350389
https://vuldb.com/?id.350389
https://vuldb.com/?submit.768129

Configurations

No configuration.

History

12 Mar 2026, 21:07

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad en 0xKoda WireMCP hasta 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. La función afectada es server.tool del archivo index.js del componente Gestor de Comandos CLI de Tshark. La manipulación resulta en inyección de comandos del sistema operativo. El ataque debe abordarse localmente. El exploit se ha hecho público y podría ser utilizado. Este producto utiliza un sistema de lanzamiento continuo para entrega continua, y como tal, la información de la versión para las versiones afectadas o actualizadas no se divulga. El proyecto fue informado del problema tempranamente a través de un informe de incidencias pero aún no ha respondido.

11 Mar 2026, 22:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-11 22:16

Updated : 2026-03-12 21:07

NVD link : CVE-2026-3959

Mitre link : CVE-2026-3959

CVE.ORG link : CVE-2026-3959

JSON object : View

Products Affected

No product.

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

5.3 /10