Wonderwhy-Er Desktopcommandermcp vulnerabilities
5 known vulnerabilities affecting wonderwhy-er/desktopcommandermcp.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2025-11491P2CRITICALCVSS 9.8≤ 0.2.13v0.2.0+13 more2025-10-08
CVE-2025-11491 [CRITICAL] CWE-77 CVE-2025-11491: A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is
A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
nvd
CVE-2025-11490P2CRITICALCVSS 9.8≤ 0.2.13v0.2.0+13 more2025-10-08
CVE-2025-11490 [CRITICAL] CWE-77 CVE-2025-11490: A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected elemen
A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be performed from remote. The exploit has been disclosed to the public and
nvd
CVE-2026-10690P3MEDIUMCVSS 6.3v0.2.372026-06-03
CVE-2026-10690 [MEDIUM] CWE-918 CVE-2026-10690: A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function
A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read_file. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used.
nvd
CVE-2025-11489P3HIGHCVSS 7.0≤ 0.2.13v0.2.0+13 more2025-10-08
CVE-2025-11489 [HIGH] CWE-59 CVE-2025-11489: A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vu
A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The attack's complexity is rated as high. It is stated that the ex
nvd
CVE-2026-10691P4MEDIUMCVSS 4.3v0.2.0v0.2.1+37 more2026-06-03
CVE-2026-10691 [MEDIUM] CWE-400 CVE-2026-10691: A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts a
A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start_search. Performing a manipulation of the argument SearchResult[] results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The expl
nvd