CVE-2026-25546
Unknown Unknown - Not Provided
Command Injection in Godot MCP Allows Remote Code Execution

Publication date: 2026-02-04

Last updated on: 2026-03-18

Assigner: GitHub, Inc.

Description
Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input (e.g., projectPath) directly to exec(), which spawns a shell. An attacker could inject shell metacharacters like $(command) or &calc to execute arbitrary commands with the privileges of the MCP server process. This affects any tool that accepts projectPath, including create_scene, add_node, load_sprite, and others. This issue has been patched in version 0.1.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-03-18
Generated
2026-06-16
AI Q&A
2026-02-05
EPSS Evaluated
2026-06-14
NVD
CVE-2026-25546
EUVD
EUVD-2026-5327
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
coding-solo godot_mcp to 0.1.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in Godot MCP, a Model Context Protocol server for the Godot game engine, is a command injection flaw present before version 0.1.1. Specifically, the executeOperation function improperly passes user-controlled input, such as projectPath, directly to the exec() function which spawns a shell. This allows an attacker to inject shell metacharacters (e.g., $(command) or &calc) to execute arbitrary commands with the privileges of the MCP server process.

This affects any tool that accepts projectPath input, including create_scene, add_node, load_sprite, and others. The issue was fixed in version 0.1.1.

Impact Analysis

This vulnerability can allow an attacker to remotely execute arbitrary commands on the system running the Godot MCP server with the same privileges as the MCP server process. This could lead to unauthorized access, data manipulation, system compromise, or disruption of services.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, upgrade the Godot MCP server to version 0.1.1 or later, where the command injection issue has been patched.

Avoid using versions prior to 0.1.1, as they allow remote code execution via user-controlled input passed directly to exec().

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25546. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart