CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-2131

A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the argument text leads to os command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.014

EPSS Ranking 80.2%

CVSS Severity

CVSS v3 Score 6.3

CVSS v2 Score 6.5

References

https://github.com/scanleale/MCP_sec/blob/main/HarmonyOS-mcp-server%20RCE%20vulnerability.md
https://vuldb.com/?ctiid.344766
https://vuldb.com/?id.344766
https://vuldb.com/?submit.747209

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-2131

Products

Pricing

Contact Us