### Key Information Summary

#### Vulnerability Overview

- **Vulnerability Type**: Command Injection (CWE-78)
- **Affected Scope**: Tencent/WeKnora project's `internal/mcp/client.go` file, versions < 0.2.5
- **CVE ID**: CVE-2026-22688
- **CVSS Score**: 10.0 (Critical)

#### Vulnerability Description

- **Core Issue**: This vulnerability allows authenticated users to inject commands into the MCP stdio settings, leading to the server executing the injected commands.
- **Root Causes**:
  - Lack of security filtering
  - Functional flaw (violation of trust boundary)
  - Missing authorization controls

#### Vulnerability Code Analysis

- **API Registration**: API route registration in `WeKnora/internal/router/router.go`.
- **User Input**: JSON input bound to `types.MCPService`.
- **Taint Propagation**: Objects stored in the database are not sanitized.
- **Execution Flow**: The `/test` endpoint loads and executes the service.
- **Final Execution**: After running the script, subprocess execution directly uses commands/parameters from the stdio configuration.

#### Exploitation Method (PoC)

- Obtain an authentication token.
- Create an MCP service with a command injection payload.
- Trigger the vulnerability by calling the `/test` endpoint.

#### Impact

- Remote Code Execution (RCE)
- Information Disclosure
- Privilege Escalation / Lateral Movement

#### Remediation Recommendations

- Implement strict filtering and validation for `stdio_config.command` and `env` parameters.
- Enforce access controls to restrict command execution to authorized users.
- Fix code paths that spawn subprocesses based on unvalidated user input.
- Release a patched version and upgrade to the latest secure version.
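
One way to implement the filtering recommended above for `stdio_config.command` and `env`, as an added example (not WeKnora's code or its actual patch): an allowlist validator in Go. The `StdioConfig` type, its field names, and the allowlist and denylist entries are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// StdioConfig is a hypothetical stand-in for the stdio settings of an MCP
// service; the field names are assumptions, not WeKnora's actual types.
type StdioConfig struct {
	Command string
	Args    []string
	Env     map[string]string
}

// allowedCommands is an operator-maintained allowlist (entries are examples).
var allowedCommands = map[string]bool{"npx": true, "uvx": true}

// deniedEnv lists variables that change what the child process loads or runs.
var deniedEnv = map[string]bool{"PATH": true, "LD_PRELOAD": true, "LD_LIBRARY_PATH": true, "NODE_OPTIONS": true, "PYTHONPATH": true}
var envName = regexp.MustCompile(`^[A-Z_][A-Z0-9_]*$`)

// ValidateStdioConfig rejects a config before it is stored or spawned.
func ValidateStdioConfig(c StdioConfig) error {
	// Exact match on a bare name: paths, shells and interpreters all fail here.
	if !allowedCommands[c.Command] {
		return fmt.Errorf("command %q is not allowlisted", c.Command)
	}
	for _, a := range c.Args {
		if strings.ContainsAny(a, "\x00\r\n") { // no control characters in argv
			return fmt.Errorf("argument %q contains control characters", a)
		}
	}
	for k, v := range c.Env {
		if !envName.MatchString(k) || deniedEnv[k] {
			return fmt.Errorf("environment variable %q is not permitted", k)
		}
		if strings.ContainsAny(v, "\x00\r\n") {
			return fmt.Errorf("value of %q contains control characters", k)
		}
	}
	return nil
}

func main() { // constructed sample inputs
	ok := StdioConfig{Command: "npx", Args: []string{"-y", "example-mcp-server"}, Env: map[string]string{"API_KEY": "x"}}
	bad := StdioConfig{Command: "sh", Args: []string{"-c", "echo constructed"}}
	fmt.Println(ValidateStdioConfig(ok), ValidateStdioConfig(bad))
}
```

Run the check both when the service is created or updated and again immediately before the subprocess is spawned, since the stored object is loaded back unsanitized at `/test`. An allowlisted launcher still runs whatever its arguments name, so restrict arguments as tightly as the deployment allows and keep the access-control recommendation in place alongside it.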