Vulnerability  ·  2026-07-19

MiniCode MCP Command Injection via child_process.spawn

VulnerabilityMedium impactGlobalCVE-2026-16133
A publicly disclosed gist detailed a command injection vulnerability (CVSS 5.0) in MiniCode's MCP implementation, stemming from unsafe use of Node's child_process.spawn.
Even single-author/niche MCP server implementations are part of the growing MCP ecosystem attack surface; command injection in an MCP tool handler gives an attacker code execution wherever that MCP server is deployed alongside an AI agent.
The mcp.ts file's use of child_process.spawn can be manipulated to achieve command injection; the attack can be launched remotely but requires a high level of complexity.
LiuMengxuan04 MiniCode 0.1.0
No official patch confirmed at disclosure time; sanitize all inputs passed to child_process.spawn and avoid shell interpolation.
Gist: MiniCode mcp.ts command injection PoC
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →