CVE-2026-30618
Gravedad CVSS v3.1:
CRÍTICA
Tipo:
CWE-94
Control incorrecto de generación de código (Inyección de código)
Fecha de publicación:
15/07/2026
Última modificación:
16/07/2026
Descripción
*** Pendiente de traducción *** xszyou Fay 4.3.1 contains a remote code execution vulnerability in its MCP STDIO server management and command execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and parameters, resulting in execution of arbitrary commands on the server. Successful exploitation allows arbitrary command execution within the context of the Fay service.
Impacto
Puntuación base 3.x
9.80
Gravedad 3.x
CRÍTICA



