CVE-2026-25546

Published: Feb 4, 2026Modified: Mar 18, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: security-advisories@github.com (Secondary)

Description

Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input (e.g., projectPath) directly to exec(), which spawns a shell. An attacker could inject shell metacharacters like $(command) or &calc to execute arbitrary commands with the privileges of the MCP server process. This affects any tool that accepts projectPath, including create_scene, add_node, load_sprite, and others. This issue has been patched in version 0.1.1.

Affected (1)

Products: Coding Solo: Godot Mcp

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Coding Solo Godot Mcp	Before 0.1.1

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

https://github.com/Coding-Solo/godot-mcp/commit/21c785d923cfdb471ea60323c13807d62dfecc5a

Source: security-advisories@github.com

Patch

https://github.com/Coding-Solo/godot-mcp/issues/64

Source: security-advisories@github.com

Issue Tracking

https://github.com/Coding-Solo/godot-mcp/pull/67

Source: security-advisories@github.com

Issue TrackingPatch

https://github.com/Coding-Solo/godot-mcp/security/advisories/GHSA-8jx2-rhfh-q928

Source: security-advisories@github.com

Vendor Advisory

Timeline

No history available yet.