{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3959", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-11T12:45:31.452Z", "datePublished": "2026-03-11T21:32:12.063Z", "dateUpdated": "2026-03-12T19:28:32.193Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-11T21:32:12.063Z"}, "title": "0xKoda WireMCP Tshark CLI index.js server.tool os command injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-78", "lang": "en", "description": "OS Command Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "Command Injection"}]}], "affected": [{"vendor": "0xKoda", "product": "WireMCP", "versions": [{"version": "7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e", "status": "affected"}], "modules": ["Tshark CLI Command Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The manipulation results in os command injection. The attack needs to be approached locally. The exploit has been made public and could be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-11T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-11T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-11T13:50:42.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Yinci Chen (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.350389", "name": "VDB-350389 | 0xKoda WireMCP Tshark CLI index.js server.tool os command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.350389", "name": "VDB-350389 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.768129", "name": "Submit #768129 | 0xKoda WireMCP <=1.0.0 Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/0xKoda/WireMCP/issues/12", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/25571315/WireMCP_security_advisory.pdf", "tags": ["exploit"]}, {"url": "https://github.com/0xKoda/WireMCP/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T19:28:17.633399Z", "id": "CVE-2026-3959", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T19:28:32.193Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3959", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-12T19:28:17.633399Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T19:28:26.316Z"}}], "cna": {"title": "0xKoda WireMCP Tshark CLI index.js server.tool os command injection", "credits": [{"lang": "en", "type": "reporter", "value": "Yinci Chen (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "0xKoda", "modules": ["Tshark CLI Command Handler"], "product": "WireMCP", "versions": [{"status": "affected", "version": "7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e"}]}], "timeline": [{"lang": "en", "time": "2026-03-11T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-11T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-11T13:50:42.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.350389", "name": "VDB-350389 | 0xKoda WireMCP Tshark CLI index.js server.tool os command injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.350389", "name": "VDB-350389 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.768129", "name": "Submit #768129 | 0xKoda WireMCP <=1.0.0 Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/0xKoda/WireMCP/issues/12", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/25571315/WireMCP_security_advisory.pdf", "tags": ["exploit"]}, {"url": "https://github.com/0xKoda/WireMCP/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The manipulation results in os command injection. The attack needs to be approached locally. The exploit has been made public and could be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "OS Command Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "Command Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-11T21:32:12.063Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3959", "state": "PUBLISHED", "dateUpdated": "2026-03-12T19:28:32.193Z", "dateReserved": "2026-03-11T12:45:31.452Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-11T21:32:12.063Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in 0xKoda WireMCP up to 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Impacted is the function server.tool of the file index.js of the component Tshark CLI Command Handler. The manipulation results in os command injection. The attack needs to be approached locally. The exploit has been made public and could be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en 0xKoda WireMCP hasta 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. La funci\u00f3n afectada es server.tool del archivo index.js del componente Gestor de Comandos CLI de Tshark. La manipulaci\u00f3n resulta en inyecci\u00f3n de comandos del sistema operativo. El ataque debe abordarse localmente. El exploit se ha hecho p\u00fablico y podr\u00eda ser utilizado. Este producto utiliza un sistema de lanzamiento continuo para entrega continua, y como tal, la informaci\u00f3n de la versi\u00f3n para las versiones afectadas o actualizadas no se divulga. El proyecto fue informado del problema tempranamente a trav\u00e9s de un informe de incidencias pero a\u00fan no ha respondido."}], "id": "CVE-2026-3959", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-11T22:16:37.193", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/0xKoda/WireMCP/"}, {"source": "cna@vuldb.com", "url": "https://github.com/0xKoda/WireMCP/issues/12"}, {"source": "cna@vuldb.com", "url": "https://github.com/user-attachments/files/25571315/WireMCP_security_advisory.pdf"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.350389"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.350389"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.768129"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-78"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "WireMCP", "source": "cna", "vendor": "0xKoda"}, "product": "wiremcp", "vendor": "0xkoda"}], "analysis": {"en": {"generated_at": "2026-03-17T16:20:29.767735+00:00", "value": {"mitigation_remediation": ["Identify if your WireMCP installation includes the vulnerable commit.", "Restrict local access to the Tshark CLI component to trusted administrators.", "Monitor logs for unexpected command execution or abnormal input patterns.", "Keep the repository cloned and watch for new commits that address the issue.", "Apply an official patch or update once released by 0xKoda.", "As an interim measure, consider disabling or removing the Tshark CLI if it is not needed."], "summary": {"action": "Assess Impact", "impact": "OS Command Injection (Local)"}, "threat_synthesis": {"affected_systems": "Affected systems include deployments of 0xKoda WireMCP up to commit 7f45f8b2b4adeb76be8c6227eefb38533fdd6b1e. Because the project uses a rolling release model, exact released version numbers are not publicly disclosed, but any instance running code before the unreported fix is vulnerable.", "description_and_impact": "A local vulnerability exists in the server.tool function of index.js within the Tshark CLI Command Handler of 0xKoda WireMCP. The flaw allows an attacker with local access to manipulate input and trigger arbitrary OS command execution, exposing the system to integrity compromise. This is a classic OS command injection attack (CWE\u201177/CWE\u201178).", "risk_and_exploitability": "The CVSS score of 4.8 indicates moderate severity, and the EPSS score of less than 1% signals a low likelihood of widespread exploitation. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog and requires local access; thus the risk to remote users is limited. However, local attackers could gain unauthenticated command execution if the affected component is reachable."}}}}, "created": "2026-03-12T09:55:45.231251+00:00", "updated": "2026-03-20T15:36:53.974905+00:00", "vendors": ["0xkoda", "0xkoda$PRODUCT$wiremcp"]}