CVE-2026-30617
Severity: HIGH (CVSS 8.6) · EPSS percentile: 37.1%

Description

LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When the MCP server is started and MCP is enabled for agent execution, subsequent agent activity triggers execution of arbitrary commands on the server. Successful exploitation allows arbitrary command execution within the context of the LangChain-ChatChat service.

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
EPSS: 0.47% probability of exploitation · percentile 37.1% · scored 2026-06-19T12:03:05Z
Published: 2026-04-15
Last modified: 2026-04-27

Underlying weaknesses (1)

CWE-77

References

  1. https://www.ox.security/blog/mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem/


Type: Weakness
Target: Improper Neutralization of Special Elements used in a Command ('Command Injection') (cwe-77)
Confidence: 0%
Tier: live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-31236
CVE: CVE-2025-6853
CVE: CVE-2026-22252
CVE: CVE-2025-6855
CVE: CVE-2026-32625
CVE: BerriAI LiteLLM Command Injection Vulnerability
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.