stata-mcp

CVEs (1)

• CVE-2026-47708criJun 4, 2026
  SepineTam

  stata-mcp
  risk 0.52cvss —epss —

  ### Summary The `log_file_name` parameter in the `stata_do` API and CLI is directly interpolated into a Stata command string without sanitization. The security guard (`GuardValidator`) only scans the do-file content but does not validate this parameter. An attacker can inject…