CVE-2026-30635

Published: May 11, 2026

Modified: May 12, 2026

PUBLISHED

Description

Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the view_task (aka view) in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGE_BASE_URL.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gist.github.com/spdc-elm/3ddecd10ffa85c5963ab7fe531619875

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-30635

Description

Affected Products

References