VYPR

Desktopcommandermcp

by Wonderwhy Er

Source repositories

CVEs (5)

  • CVE-2025-11491MedOct 8, 2025
    risk 0.41cvss 6.3epss 0.04

    A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. It is possible to initiate the attack remotely. The…

  • CVE-2025-11490MedOct 8, 2025
    risk 0.41cvss 6.3epss 0.04

    A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. The attack may be…

  • CVE-2026-10690MedJun 3, 2026
    risk 0.34cvss 6.3epss 0.00

    A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read_file. Such manipulation of the argument url leads to server-side request forgery. The attack may be…

  • CVE-2025-11489MedOct 8, 2025
    risk 0.29cvss 4.5epss 0.00

    A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local…

  • CVE-2026-10691MedJun 3, 2026
    risk 0.21cvss 4.3epss 0.00

    A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start_search. Performing a manipulation of the argument SearchResult[] results in inefficient regular…