Vulnerabilities

CVE-2026-25905 - Lack of isolation in mcp-run-python leads to MCP server takeover

2026-02-09 0 views admin
CVE-2026-25905 - Lack of isolation in mcp-run-python leads to MCP server takeover

CVE ID : CVE-2026-25905 Published : Feb. 9, 2026, 9:16 a.m. | 55 minutes ago Description : The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing. Note - the

CVE Details

Published
Feb. 9, 2026
Affected Product: Python

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-25905python

More from Vulnerabilities

CVE-2026-22922 - Apache Airflow: Airflow externalLogUrl Permission Bypass

CVE-2026-22922 - Apache Airflow: Airflow externalLogUrl Permission Bypass

2026-02-09 0
CVE-2026-25846 - JetBrains YouTrack Mailbox Token Exposure Vulnerability

CVE-2026-25846 - JetBrains YouTrack Mailbox Token Exposure Vulnerability

2026-02-09 0
CVE-2026-24098 - Apache Airflow: Assigning single DAG permission leaked all DAGs Import Errors

CVE-2026-24098 - Apache Airflow: Assigning single DAG permission leaked all DAGs Import Errors

2026-02-09 0
CVE-2026-25848 - JetBrains Hub Authentication Bypass Vulnerability

CVE-2026-25848 - JetBrains Hub Authentication Bypass Vulnerability

2026-02-09 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views