Vulnerabilities

CVE-2026-22785 - orval MCP client is vulnerable to a code injection attack.

2026-01-12 0 views admin
CVE-2026-22785 - orval MCP client is vulnerable to a code injection attack.

CVE ID : CVE-2026-22785 Published : Jan. 12, 2026, 7:16 p.m. | 1 hour, 30 minutes ago Description : orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allows an attacker to

CVE Details

Published
Jan. 12, 2026

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-22785

More from Vulnerabilities

Update: CVE-2026-22200 - osTicket <= 1.18.2 pdf export arbitrary file read

Update: CVE-2026-22200 - osTicket <= 1.18.2 pdf export arbitrary file read

2026-01-12 0
CVE-2026-22783 - Iris Allows Arbitrary File Deletion via Mass Assignment in Datastore File Manage

CVE-2026-22783 - Iris Allows Arbitrary File Deletion via Mass Assignment in Datastore File Manage

2026-01-12 0
CVE-2026-22781 - TinyWeb CGI Command Injection

CVE-2026-22781 - TinyWeb CGI Command Injection

2026-01-12 0
CVE-2026-22776 - cpp-httplib vulnerable to a denial of service (DOS) using a zip bomb

CVE-2026-22776 - cpp-httplib vulnerable to a denial of service (DOS) using a zip bomb

2026-01-12 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views