CVE-2026-44717CRITICAL 9.8EPSS p37.5%

CVE-2026-44717CVE-2026-44717

Description

MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.48% probability of exploitation · percentile 37.5% · 2026-06-19T12:03:05Z
Published2026-05-15
Last modified2026-05-18

Underlying weaknesses· 1

CWE-94

References

  1. https://github.com/611711Dark/mcp_calculate_server/security/advisories/GHSA-2mgq-7rfg-rwpj

1

TypeTargetConfidenceTier
WeaknessImproper Control of Generation of Code ('Code Injection')cwe-940%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-41507
CVE
CVE-2026-40897
CVE
CVE-2026-2008
CVE
CVE-2026-30617
CVE
CVE-2026-41139
CVE
CVE-2025-61492
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.