CVE-2026-25546
📋 TL;DR
CVE-2026-25546 is a command injection vulnerability in godot-mcp that allows remote code execution. Attackers can inject shell metacharacters through user-controlled inputs like projectPath to execute arbitrary commands with the MCP server's privileges. This affects all tools using godot-mcp before version 0.1.1.
💻 Affected Systems
- godot-mcp
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full compromise of the server host with privilege escalation to root/system, data theft, ransomware deployment, or persistent backdoor installation.
Likely Case
Arbitrary command execution within the MCP server's process context, potentially leading to file system access, data exfiltration, or lateral movement.
If Mitigated
Limited impact if the server runs with minimal privileges in an isolated environment, but command execution within that context is still possible.
🎯 Exploit Status
Simple command injection via shell metacharacters. No authentication required if server accepts external connections. Exploit trivial for attackers with basic shell knowledge.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.1.1
Vendor Advisory: https://github.com/Coding-Solo/godot-mcp/security/advisories/GHSA-8jx2-rhfh-q928
Restart Required: Yes
Instructions:
1. Stop the godot-mcp server.
2. Update to version 0.1.1 via package manager or manual installation.
3. Restart the server.
4. Verify the fix by checking the version.
🔧 Temporary Workarounds
Input Validation and Sanitization
- Implement strict input validation to reject any projectPath containing shell metacharacters
- Implement regex validation: ^[a-zA-Z0-9\/\-\._]+$ for project paths
Network Isolation
- Restrict the godot-mcp server to localhost or trusted network segments only
- Configure the firewall to block external access to the godot-mcp port
- Use bind address 127.0.0.1 in the server configuration
🧯 If You Can't Patch
- Run godot-mcp with minimal privileges using a dedicated low-privilege user account
- Implement network segmentation and restrict access to only trusted clients using firewall rules
🔍 How to Verify
Check if Vulnerable:
Check whether the godot-mcp version is below 0.1.1 and whether user input reaches the executeOperation function without validation.
Check Version:
Run: npm list godot-mcp | grep godot-mcp
Or check the version field in package.json.
Verify Fix Applied:
Confirm the version is 0.1.1 or higher, and test that shell metacharacters in projectPath no longer execute commands.
📡 Detection & Monitoring
Log Indicators:
- Unusual shell commands in process execution logs
- Multiple failed command injection attempts in application logs
- Unexpected child process spawns from godot-mcp
Network Indicators:
- Unusual outbound connections from godot-mcp server
- Traffic to suspicious IPs or domains from server process
SIEM Query:
process.name:"godot-mcp" AND process.cmdline:(*sh* OR *bash* OR *cmd* OR *powershell*)