CVE-2025-53818

14.07.2025, 21:15

GitHub Kanban MCP Server is a Model Context Protocol (MCP) server for managing GitHub issues in Kanban board format and streamlining LLM task management. Versions 0.3.0 and 0.4.0 of the MCP Server are written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP Server exposes the tool `add_comment` which relies on Node.js child process API `exec` to execute the GitHub (`gh`) command, is an unsafe and vulnerable API if concatenated with untrusted user input. As of time of publication, no known patches are available.

OS Command Injection

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
GitHub_M	CNA	---	---
CISA-ADP	ADP	---	---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References

https://github.com/Sunwood-ai-labs/github-kanban-mcp-server/blob/main/src/handlers/comment-handlers.ts#L8

https://github.com/Sunwood-ai-labs/github-kanban-mcp-server/blob/main/src/handlers/tool-handlers.ts#L79

https://github.com/Sunwood-ai-labs/github-kanban-mcp-server/blob/v0.4.0/src/handlers/comment-handlers.ts#L8-L23

https://github.com/Sunwood-ai-labs/github-kanban-mcp-server/security/advisories/GHSA-6jx8-rcjx-vmwf