CVE-2026-22785
Published 2026-01-12
Priority: P261 · Severity: critical · CVSS 3.1 base score: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.71% (48.8th percentile)
orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allows an attacker to "break out" of the string literal and inject arbitrary code. This vulnerability is fixed in 7.18.0.
Affected (10 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| orval-labs | orval | < 7.19.0 | 7.19.0 |
| orval-labs | orval | — | — |
| orval-labs | orval | — | — |
| orval-labs | orval | — | — |
| orval | core | >= 0 < 7.19.0 | 7.19.0 |
| orval | core | >= 8.0.0-rc.0 < 8.0.2 | 8.0.2 |
| orval | mcp | >= 0 < 7.18.0 | 7.18.0 |
| orval | orval | < 7.19.0 | 7.19.0 |
| orval | orval | < 7.18.0 | 7.18.0 |
| orval | orval | >= 8.0.0 < 8.0.2 | 8.0.2 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | 4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| GHSA | — | 9.3 | CRITICAL | — |
| OSV | — | 9.3 | CRITICAL | — |
GHSA
Orval has a code injection via unsanitized x-enum-descriptions in enum generation
ghsa · 2026-01-21 · CVSS 9.3 · CVE-2026-23947 [CRITICAL] · CWE-77
### Impact
Arbitrary code execution in environments consuming generated clients
This issue is similar in nature to the recently-patched MCP vulnerability (CVE-2026-22785), but affects a different code path in @orval/core that was not addressed by that fix.
The vulnerability allows untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript code into generated clients via the x-enumDescriptions field, which is embedded without proper escaping in getEnumImplementation(). I have confirmed that the injection occurs during const enum generation and results in executable code within the generated schema files.
### Patches
Upgrade to Orval 8.0.2
### References
An example OpenAPI showing the issue
OSV (osv · 2026-01-21 · CVSS 9.3 · CVE-2026-23947 [CRITICAL]): mirrors the GHSA advisory text above verbatim.
GHSA
orval MCP client is vulnerable to a code injection attack.
ghsa · 2026-01-13 · CVE-2026-22785 [CRITICAL] · CWE-77
### Impact
The MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allows an attacker to "break out" of the string literal and inject arbitrary code.
Here is an example OpenAPI with the exploit
```yaml
openapi: 3.0.4
info:
  title: Swagger Petstore - OpenAPI 3.0
  description: |-
    This is a sample Pet Store Server based on the OpenAPI 3.0 specification. You can find out more about
    Swagger at [https://swagger.io](https://swagger.io). In the third iteration of the pet store, we've switched to the design first approach!
    You can now help us improve the API whether it's by making changes to the definition itself or to the c
```
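The two advisories above describe one bug class in two code paths: a spec field (summary for the MCP generator, x-enumDescriptions for const enum generation) is spliced into generated TypeScript source without escaping for the syntactic context it lands in. The block below is an added example, not orval's code and not the advisories' attached spec. It models each path with a minimal template, shows the breakout, shows the escaping that closes it, and adds a pre-generation triage scan for untrusted specs. The template shapes, the placement of enum descriptions in a JSDoc comment, the list of scanned fields and the sample spec are all assumptions made for the illustration.

```typescript
// Added illustration, not orval's code: the templates are simplified stand-ins
// for generator output. The two spec fields (summary, x-enumDescriptions) are
// the ones the advisories name; the JSDoc-comment shape of the enum path is an
// assumption about how descriptions get emitted.

type Marker = { pwned: boolean };

// 1. String-literal context (the CVE-2026-22785 pattern).
// Vulnerable: the summary is pasted verbatim into a double-quoted literal, so a
// value containing `"` ends the literal and everything after it is code.
function renderSummaryVulnerable(summary: string): string {
  return `const summary = "${summary}";`;
}

// Fixed: JSON.stringify emits a valid JS string literal with quotes, backslashes
// and control characters escaped, whatever the input contains.
function renderSummarySafe(summary: string): string {
  return `const summary = ${JSON.stringify(summary)};`;
}

// 2. Block-comment context (assumed shape of the x-enumDescriptions path).
// Vulnerable: the description lands inside /** ... */, so "*/" closes the
// comment early and the rest of the value is parsed as code.
function renderEnumVulnerable(name: string, value: string, description: string): string {
  return `/** ${description} */\nconst ${name} = ${JSON.stringify(value)};`;
}

// Fixed: "*/" is the only sequence that can terminate a block comment, so
// neutralise it ("*\/" is the usual convention, since JSDoc has no escape syntax).
function renderEnumSafe(name: string, value: string, description: string): string {
  const safe = description.replace(/\*\//g, "*\\/");
  return `/** ${safe} */\nconst ${name} = ${JSON.stringify(value)};`;
}

// Execute generated source the way importing the module would and return the
// named binding. `marker` stands in for any side effect injected code can have.
function runGenerated(src: string, marker: Marker, binding: string): unknown {
  const mod = new Function("marker", `${src}\nreturn ${binding};`);
  return mod(marker);
}

// 3. Triage check for untrusted specs before running an unpatched generator:
// flag human-readable fields containing anything that can end a string,
// template or comment context. Field list is an assumption, not orval's; hits
// are candidates to review (quotes and newlines occur in legitimate text).
const TEXT_FIELDS = new Set(["summary", "description", "x-enumDescriptions", "x-enum-descriptions"]);
const BREAKOUT = /["`\\\r\n\u2028\u2029]|\$\{|\*\//;

function findBreakouts(node: unknown, pointer = ""): string[] {
  const hits: string[] = [];
  const escape = (k: string) => k.replace(/~/g, "~0").replace(/\//g, "~1"); // RFC 6901 pointer
  if (Array.isArray(node)) {
    node.forEach((v, i) => hits.push(...findBreakouts(v, `${pointer}/${i}`)));
  } else if (node !== null && typeof node === "object") {
    const obj = node as Record<string, unknown>;
    for (const k of Object.keys(obj)) {
      const v = obj[k];
      const p = `${pointer}/${escape(k)}`;
      if (!TEXT_FIELDS.has(k)) {
        hits.push(...findBreakouts(v, p));
        continue;
      }
      // x-enumDescriptions may be a list or a value->text map; summary is a string.
      const values: unknown[] = Array.isArray(v)
        ? v
        : v !== null && typeof v === "object"
          ? Object.keys(v).map((key) => (v as Record<string, unknown>)[key])
          : [v];
      for (const s of values) {
        if (typeof s === "string" && BREAKOUT.test(s)) hits.push(`${p}: ${JSON.stringify(s)}`);
      }
    }
  }
  return hits;
}

// Constructed sample spec (not the advisories' attachment), one payload per context.
const sampleSpec = {
  openapi: "3.0.4",
  info: { title: "Example", version: "1.0.0" },
  paths: {
    "/pets": {
      get: {
        operationId: "listPets",
        summary: '"; marker.pwned = true; //',
        responses: { "200": { description: "ok" } },
      },
    },
  },
  components: {
    schemas: {
      Status: { type: "string", enum: ["available"], "x-enumDescriptions": ["*/ marker.pwned = true; /*"] },
    },
  },
};

// Runs all four renderers against the sample payloads and reports which ones
// let the payload execute (pwned[i] === true), plus the triage scan's findings.
function demo(): { pwned: boolean[]; safeSummary: unknown; hits: string[] } {
  const summary = sampleSpec.paths["/pets"].get.summary;
  const description = sampleSpec.components.schemas.Status["x-enumDescriptions"][0];
  const markers: Marker[] = [0, 1, 2, 3].map(() => ({ pwned: false }));
  runGenerated(renderSummaryVulnerable(summary), markers[0], "summary"); // payload executes
  const safeSummary = runGenerated(renderSummarySafe(summary), markers[1], "summary"); // payload is data
  runGenerated(renderEnumVulnerable("Status", "available", description), markers[2], "Status");
  runGenerated(renderEnumSafe("Status", "available", description), markers[3], "Status");
  return { pwned: markers.map((m) => m.pwned), safeSummary, hits: findBreakouts(sampleSpec) };
}
```

demo() executes the generated source with new Function, so the vulnerable renderers really do flip the marker while the fixed renderers hand the payload back as an ordinary string. Because legitimate descriptions often contain quotes and newlines, findBreakouts is a review list rather than a verdict; the durable fix is upgrading to the patched versions and keeping context-appropriate escaping in every template that interpolates spec text.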
OSV (osv · 2026-01-13 · CVE-2026-22785 [CRITICAL]): mirrors the GHSA advisory text above verbatim, including the same truncated example spec.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-22785 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.3 · CVE-2026-22785 [CRITICAL]
## CVE-2026-22785: JavaScript vulnerability analysis and mitigation
orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allows an attacker to "break out" of the string literal and inject arbitrary code. This vulnerability is fixed in 7.18.0.
Source : NVD
Score: 9.3
Published: January 12, 2026
Severity: CRITICAL
CNA Score: 9.3
Affected Technologies: JavaScript, NixOS
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 10.4
Exploitation Probability (EP
Wiz
CVE-2026-23947 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 9.3 · CVE-2026-23947 [CRITICAL]
## CVE-2026-23947: JavaScript vulnerability analysis and mitigation
Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions prior to 7.19.0 until 8.0.2 are vulnerable to arbitrary code execution in environments consuming generated clients. This issue is similar in nature to CVE-2026-22785, but affects a different code path in @orval/core that was not addressed by CVE-2026-22785's fix. The vulnerability allows untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript code into generated clients via the x-enumDescriptions field, which is embedded without proper escaping in getEnumImplementation(). I have confirmed that the injection occurs during const enum generation and results in executable code within the gener
Published: 2026-01-12