CVE-2026-23523 – This vulnerability in the Dive MCP Host Desktop... (How to Fix)

Q: What is the severity of CVE-2026-23523?

CVE-2026-23523 has a CVSS score of 9.6 (CRITICAL). This vulnerability in the Dive MCP Host Desktop Application allows attackers to install malicious MCP server configurations via crafted deeplinks without proper user confirmation, leading to arbitrary command execution on the victim's machine. All users running Dive versions before 0.13.0 are affected. The vulnerability enables full system compromise through local command execution.

📋 TL;DR

This vulnerability in the Dive MCP Host Desktop Application allows attackers to install malicious MCP server configurations via crafted deeplinks without proper user confirmation, leading to arbitrary command execution on the victim's machine. All users running Dive versions before 0.13.0 are affected. The vulnerability enables full system compromise through local command execution.

💻 Affected Systems

Products:

Dive MCP Host Desktop Application

Versions: All versions prior to 0.13.0

Operating Systems: Windows, macOS, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All default installations are vulnerable. The application must be running and accessible via deeplinks for exploitation.

📦 What is this software?

Dive by Openagentplatform

View all CVEs affecting Dive →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system takeover with attacker gaining full control over the victim's machine, data exfiltration, ransomware deployment, and persistent backdoor installation.

🟠

Likely Case

Local privilege escalation leading to unauthorized access to sensitive files, credential theft, and lateral movement within the network.

🟢

If Mitigated

Limited impact with proper network segmentation and user privilege restrictions, potentially containing damage to isolated systems.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires user interaction with a malicious deeplink but no authentication. The vulnerability is straightforward to exploit once the deeplink is triggered.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.13.0

Vendor Advisory: https://github.com/OpenAgentPlatform/Dive/security/advisories/GHSA-pjj5-f3wm-f9m8

Restart Required: Yes

Instructions:

1. Download Dive version 0.13.0 or later from the official repository. 2. Uninstall the vulnerable version. 3. Install the patched version. 4. Restart the application.

🔧 Temporary Workarounds

Disable deeplink handling

all

Prevent Dive from handling deeplinks to block the attack vector

On Windows: Remove Dive from default applications for URL protocols
On macOS: Use RCDefaultApp or similar to change default handlers
On Linux: Modify .desktop files to remove MIME type associations

Network isolation

all

Restrict network access to prevent malicious deeplink delivery

Configure firewall rules to block unnecessary inbound/outbound connections to Dive

🧯 If You Can't Patch

Run Dive with minimal user privileges to limit potential damage from command execution
Implement application whitelisting to prevent unauthorized binary execution

🔍 How to Verify

Check if Vulnerable:

Check Dive version in application settings or via command line: dive --version

Check Version:

dive --version

Verify Fix Applied:

Confirm version is 0.13.0 or higher using: dive --version

📡 Detection & Monitoring

Log Indicators:

Unexpected MCP server configuration changes
Unusual process execution from Dive context
Deeplink activation logs with suspicious URLs

Network Indicators:

Outbound connections to unknown MCP servers
Unusual network traffic patterns from Dive process

SIEM Query:

process_name:"dive" AND (event_type:"process_creation" OR event_type:"registry_modification")

📊 Metadata

CVE ID: CVE-2026-23523

CVSS v3 Score: 9.6 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE: CWE-94

EPSS Score: 0.05% exploit probability (15.9th percentile)

Published: January 16, 2026

Last Updated: February 9, 2026

🔗 References

https://github.com/OpenAgentPlatform/Dive/commit/a5162ac9eff366d8ea1215b8a47139a81a55a779 Patch
https://github.com/OpenAgentPlatform/Dive/security/advisories/GHSA-pjj5-f3wm-f9m8 Exploit,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-23523, you might also want to check these: