
A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function build_project/run_tests of the file src/index.ts of the componen…

Published: 28 April 2026 at 22:00:00

Alert date: 29 April 2026 at 23:01:57

Source: nvd.nist.gov


Supply Chain & Dependencies, Web Technologies

A critical OS command injection vulnerability (CVE-2026-7416) was discovered in PolarVista xcode-mcp-server version 1.0.0. The vulnerability affects the build_project/run_tests functions in src/index.ts of the MCP Interface component. Attackers can manipulate the Request argument to achieve remote code execution through OS command injection. The exploit has been publicly disclosed and could be actively used. The vendor has been notified through an issue report but has not responded to the disclosure.
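The following added example is not code from xcode-mcp-server or from this advisory; it shows one way a build or test tool handler can pass request fields to xcodebuild as an argument vector instead of a shell command string. The request field names, the validation policy and the helper names are assumptions.

```typescript
import { execFile } from "node:child_process";

// Hypothetical request shape: the real field names are not shown in the advisory.
interface BuildRequest {
  projectPath: string;
  scheme: string;
  configuration?: string;
}

// Assumed policy: scheme names are short and use a conservative character set.
const SAFE_SCHEME = /^[A-Za-z0-9][A-Za-z0-9 ._-]{0,63}$/;
const ALLOWED_CONFIGS = new Set(["Debug", "Release"]);

// Validate the request and return an argument vector. Nothing here is ever
// concatenated into a command string, so no value reaches a shell parser.
function buildXcodeArgs(action: "build" | "test", req: BuildRequest): string[] {
  const path = req.projectPath;
  if (typeof path !== "string" || path.startsWith("-") || path.includes("\0")) {
    throw new Error("invalid project path");
  }
  const isWorkspace = path.endsWith(".xcworkspace");
  if (!isWorkspace && !path.endsWith(".xcodeproj")) {
    throw new Error("project path must end in .xcodeproj or .xcworkspace");
  }
  if (typeof req.scheme !== "string" || !SAFE_SCHEME.test(req.scheme)) {
    throw new Error("invalid scheme name");
  }
  const configuration = req.configuration ?? "Debug";
  if (!ALLOWED_CONFIGS.has(configuration)) {
    throw new Error("configuration not in allowlist");
  }
  return [isWorkspace ? "-workspace" : "-project", path,
          "-scheme", req.scheme, "-configuration", configuration, action];
}

// execFile starts the binary directly with argv; shell stays disabled.
function runXcodebuild(action: "build" | "test", req: BuildRequest): Promise<string> {
  const args = buildXcodeArgs(action, req);
  return new Promise((resolve, reject) => {
    execFile("/usr/bin/xcodebuild", args, { shell: false, timeout: 600000 },
      (err, stdout) => (err ? reject(err) : resolve(String(stdout))));
  });
}
```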

Technical details

Mitigation steps:

Affected products:

PolarVista xcode-mcp-server

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information originating from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.