CVE-2026-10688EPSS p7.5%

CVE-2026-10688CVE-2026-10688

Description

A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function execute_blender_code of the file /src/blender_mcp/server.py. This manipulation of the argument code causes code injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.

Scoring

CVSS 5.5 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
EPSS0.18% probability of exploitation · percentile 7.5% · 2026-06-19T12:03:05Z
Last modified2026-06-04

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-10661
CVE
CVE-2026-10662
CVE
CVE-2026-2008
CVE
CVE-2026-10692
CVE
CVE-2026-11529
CVE
CVE-2026-10274
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.