VYPR

Code Runner MCP Server

by Code Runner

CVEs (1)

  • CVE-2026-5029HigMay 12, 2026
    risk 0.57cvss epss 0.00

    A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply…