CVE-2026-4199
CWE-74Published: March 16, 2026· Updated: Mar 16, 2026
Official Description
A vulnerability was identified in bazinga012 mcp_code_executor up to 0.3.0. Affected by this issue is the function installDependencies of the file src/index.ts. Such manipulation leads to command injection. The attack can only be performed from a local environment. The exploit is publicly available and might be used. It is best practice to apply a patch to resolve this issue. The project was informed of the problem early through an issue report but has not responded yet.
Technical Analysis
CVE-2026-4199 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
CVSS v3.1 Vector Breakdown
Exploit & PoC Resources
All References (7)
Quick Facts
Related CVEs (CWE-74)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-4199 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts