CVE-2026-10691

Sažetak

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start_search. Performing a manipulation of the argument SearchResult[] results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.2.39 will fix this issue. The patch is named 4ce845f8749b6a159b57b38dcc3357f7222a8078. It is suggested to upgrade the affected component.

Reference

https://github.com/wonderwhy-er/DesktopCommanderMCP/
https://github.com/wonderwhy-er/DesktopCommanderMCP/commit/4ce845f8749b6a159b57b38dcc3357f7222a8078
https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/375
https://github.com/wonderwhy-er/DesktopCommanderMCP/pull/400
https://github.com/wonderwhy-er/DesktopCommanderMCP/releases/tag/v0.2.39
https://vuldb.com/cve/CVE-2026-10691
https://vuldb.com/submit/830746
https://vuldb.com/vuln/367960
https://vuldb.com/vuln/367960/cti

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:N/A:P

Zadnje važnije ažuriranje

03-06-2026 - 00:16

Objavljeno

03-06-2026 - 00:16