CVE-2026-25905

MEDIUM

5.8

Descripcion

The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing. Note - the "mcp-run-python" project is archived and unlikely to receive a fix.

Detalles CVE

Puntuacion CVSS v3.15.8

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

Vector de ataqueNETWORK

ComplejidadHIGH

Privilegios requeridosNONE

Interaccion usuarioREQUIRED

Publicado2/9/2026

Ultima modificacion2/9/2026

Fuentenvd

Avistamientos honeypot0

Debilidades (CWE)

CWE-653

Referencias

https://research.jfrog.com/vulnerabilities/mcp-run-python-lack-of-isolation-mcp-takeover-jfsa-2026-001653030/(reefs@jfrog.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.