CVE-2026-25546
Unknown Unknown - Not Provided
Command Injection in Godot MCP Allows Remote Code Execution

Publication date: 2026-02-04

Last updated on: 2026-03-18

Assigner: GitHub, Inc.

Description
Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input (e.g., projectPath) directly to exec(), which spawns a shell. An attacker could inject shell metacharacters like $(command) or &calc to execute arbitrary commands with the privileges of the MCP server process. This affects any tool that accepts projectPath, including create_scene, add_node, load_sprite, and others. This issue has been patched in version 0.1.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-03-18
Generated
2026-05-27
AI Q&A
2026-02-05
EPSS Evaluated
2026-05-25
NVD
CVE-2026-25546
EUVD
EUVD-2026-5327
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
coding-solo godot_mcp to 0.1.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in Godot MCP, a Model Context Protocol server for the Godot game engine, is a command injection flaw present before version 0.1.1. Specifically, the executeOperation function improperly passes user-controlled input, such as projectPath, directly to the exec() function which spawns a shell. This allows an attacker to inject shell metacharacters (e.g., $(command) or &calc) to execute arbitrary commands with the privileges of the MCP server process.

This affects any tool that accepts projectPath input, including create_scene, add_node, load_sprite, and others. The issue was fixed in version 0.1.1.


How can this vulnerability impact me? :

This vulnerability can allow an attacker to remotely execute arbitrary commands on the system running the Godot MCP server with the same privileges as the MCP server process. This could lead to unauthorized access, data manipulation, system compromise, or disruption of services.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade the Godot MCP server to version 0.1.1 or later, where the command injection issue has been patched.

Avoid using versions prior to 0.1.1, as they allow remote code execution via user-controlled input passed directly to exec().


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart