Vulnerability Description
A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. Performing a manipulation results in command injection. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through a pull request but has not reacted yet.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/crazyrabbitLTC/mcp-code-review-server/
- https://github.com/crazyrabbitLTC/mcp-code-review-server/issues/4
- https://github.com/crazyrabbitLTC/mcp-code-review-server/pull/5
- https://github.com/user-attachments/files/26018245/mcp-code-review-server_bug.pd
- https://vuldb.com/submit/806469
- https://vuldb.com/vuln/360574
- https://vuldb.com/vuln/360574/cti
FAQ
What is CVE-2026-7628?
CVE-2026-7628 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1.0. This issue affects the function executeRepomix of the file src/repomix.ts of the component RepoMix Command Handler. P...
How severe is CVE-2026-7628?
CVE-2026-7628 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-7628?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.