VYPR

npm package

@coding-solo/godot-mcp

pkg:npm/%40coding-solo/godot-mcp

Vulnerabilities (1)

  • CVE-2026-25546Feb 4, 2026
    affected < 0.1.1fixed 0.1.1

    Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input (e.g., projectPath) direc