Vulnerabilities

CVE-2026-23523 - Dive allows One-click Remote Code Execution through Deep Links for MCP Install

2026-01-16 0 views admin
CVE-2026-23523 - Dive allows One-click Remote Code Execution through Deep Links for MCP Install

CVE ID : CVE-2026-23523 Published : Jan. 16, 2026, 5:15 p.m. | 59 minutes ago Description : Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the victim’s machine. This vulnerability is fixed in 0.13.0. Severity: 9.6 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Severity
CRITICAL
Published
Jan. 16, 2026
Attack Vector: local

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-23523critical

More from Vulnerabilities

CVE-2025-71020 - Tenda AX-1806 Stack Overflow Denial of Service

CVE-2025-71020 - Tenda AX-1806 Stack Overflow Denial of Service

2026-01-16 0
CVE-2025-70746 - Tenda AX-1806 Stack-Based Buffer Overflow Vulnerability

CVE-2025-70746 - Tenda AX-1806 Stack-Based Buffer Overflow Vulnerability

2026-01-16 0
CVE-2024-44238 - Apple iOS/ iPadOS Memory Corruption Vulnerability

CVE-2024-44238 - Apple iOS/ iPadOS Memory Corruption Vulnerability

2026-01-16 0
CVE-2024-54556 - Apple iOS Lock Screen Restricted Content Disclosure Vulnerability

CVE-2024-54556 - Apple iOS Lock Screen Restricted Content Disclosure Vulnerability

2026-01-16 0

Trending

1

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

2026-01-15 • 4457 views
2

Tech: Data is the only moat

2026-01-15 • 4133 views
3

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

2026-01-15 • 3239 views
4

Tech: AWS European Sovereign Cloud

2026-01-15 • 2741 views
5

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3

2026-01-15 • 2719 views