CVE-2026-2130
📋 TL;DR
This CVE describes a command injection vulnerability in BurtTheCoder's mcp-maigret tool up to version 1.0.12. Attackers can execute arbitrary commands on affected systems by manipulating the Username parameter in the search_username component. This affects anyone using vulnerable versions of mcp-maigret, particularly those exposing the tool to untrusted input.
💻 Affected Systems
- BurtTheCoder mcp-maigret
📦 What is this software?
Maigret Mcp Server by Burtthecoder
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise allowing attackers to execute arbitrary commands with the privileges of the mcp-maigret process, potentially leading to data theft, system takeover, or lateral movement.
Likely Case
Remote code execution allowing attackers to run commands on the affected system, potentially leading to data exfiltration, installation of malware, or use as a foothold for further attacks.
If Mitigated
No impact if proper input validation and sanitization are implemented, or if the system is patched to version 1.0.13 or later.
🎯 Exploit Status
The vulnerability allows remote exploitation without authentication. Attack complexity is low as it involves manipulating a single parameter.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.13
Vendor Advisory: https://github.com/BurtTheCoder/mcp-maigret/releases/tag/v1.0.13
Restart Required: Yes
Instructions:
1. Stop the mcp-maigret service.
2. Update to version 1.0.13 using npm update mcp-maigret or by downloading from GitHub.
3. Restart the service.
🔧 Temporary Workarounds
Input Validation Filter
All platforms: Implement strict input validation to reject any Username parameter containing shell metacharacters or suspicious patterns.
Implement regex validation: /^[a-zA-Z0-9_-]+$/ for Username parameter
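One way to apply the allowlist above in a Node.js wrapper, as an added example (not mcp-maigret's own code or its 1.0.13 patch). It uses the advisory's regex and additionally rejects a leading hyphen and over-long values, which are assumptions beyond the advisory; `MAX_LEN`, `validateUsername`, `buildArgv` and the sample inputs are hypothetical names and constructed values.

```javascript
// Added example: allowlist check for the Username parameter (not project code).
const USERNAME_RE = /^[a-zA-Z0-9_-]+$/; // regex from the advisory's workaround
const MAX_LEN = 64; // assumed bound, not stated in the advisory

// Returns { ok: true, value } or { ok: false, reason }.
function validateUsername(input) {
  if (typeof input !== "string") return { ok: false, reason: "not a string" };
  if (input.length === 0 || input.length > MAX_LEN) {
    return { ok: false, reason: "bad length" };
  }
  // No "m" flag, so "$" only matches at the very end: "alice\n" is rejected.
  if (!USERNAME_RE.test(input)) {
    return { ok: false, reason: "disallowed character" };
  }
  // The advisory's regex accepts a leading "-", which a command-line tool
  // would parse as an option rather than as a username.
  if (input.startsWith("-")) return { ok: false, reason: "leading hyphen" };
  return { ok: true, value: input };
}

// Builds an argument vector for child_process.execFile/spawn (no shell: true),
// so the value is one argv element and is never parsed by a shell.
// baseArgs is whatever fixed arguments the wrapper already passes.
function buildArgv(baseArgs, input) {
  const result = validateUsername(input);
  if (!result.ok) throw new Error(`rejected username: ${result.reason}`);
  return [...baseArgs, result.value];
}

// Constructed sample inputs (not taken from any real log).
const SAMPLES = ["alice_01", "bob;echo x", "a|b", "-h", "alice\n", ""];

function rejectedSamples() {
  return SAMPLES.filter((s) => !validateUsername(s).ok);
}

console.log(rejectedSamples().map((s) => JSON.stringify(s)).join(", "));
```

Validation alone still depends on how the value reaches the process: passing it as a separate argv element instead of interpolating it into a command string keeps the two defenses independent.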
Network Isolation
Linux: Restrict network access to mcp-maigret instances to trusted sources only.
iptables -A INPUT -p tcp --dport [mcp-maigret-port] -s [trusted-ip] -j ACCEPT
iptables -A INPUT -p tcp --dport [mcp-maigret-port] -j DROP
🧯 If You Can't Patch
- Implement strict input validation and sanitization for the Username parameter
- Run mcp-maigret with minimal privileges and in a sandboxed/containerized environment
🔍 How to Verify
Check if Vulnerable:
Check the installed version of mcp-maigret. If the version is 1.0.12 or earlier, the system is vulnerable.
Check Version:
npm list mcp-maigret | grep mcp-maigret
Verify Fix Applied:
Verify the installed version is 1.0.13 or later and test with controlled input containing shell metacharacters.
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution patterns
- Suspicious Username parameters containing shell metacharacters
- Unexpected process spawns from mcp-maigret
Network Indicators:
- Unusual outbound connections from mcp-maigret process
- Traffic to unexpected destinations
SIEM Query:
process.name:"mcp-maigret" AND (cmdline:*;* OR cmdline:*&* OR cmdline:*|* OR cmdline:*`*)
🔗 References
- https://github.com/BurtTheCoder/mcp-maigret/
- https://github.com/BurtTheCoder/mcp-maigret/commit/b1ae073c4b3e789ab8de36dc6ca8111ae9399e7a
- https://github.com/BurtTheCoder/mcp-maigret/issues/9
- https://github.com/BurtTheCoder/mcp-maigret/pull/10
- https://github.com/BurtTheCoder/mcp-maigret/releases/tag/v1.0.13
- https://vuldb.com/?ctiid.344765
- https://vuldb.com/?id.344765
- https://vuldb.com/?submit.747171