CVE-2026-30617
Remote Code Execution in LangChain-ChatChat MCP STDIO Server
Publication date: 2026-04-15
Last updated on: 2026-04-15
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| langchain | chatchat | 0.3.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
LangChain-ChatChat version 0.3.1 has a remote code execution vulnerability related to its MCP STDIO server configuration and execution handling.
A remote attacker can access the publicly exposed MCP management interface and configure the MCP STDIO server with commands and arguments controlled by the attacker.
When the MCP server is started and MCP is enabled for agent execution, any subsequent agent activity can trigger the execution of arbitrary commands on the server.
This means an attacker can execute arbitrary commands within the context of the LangChain-ChatChat service remotely.
How can this vulnerability impact me? :
This vulnerability allows a remote attacker to execute arbitrary commands on the server running LangChain-ChatChat.
Such arbitrary command execution can lead to unauthorized control over the server, potentially compromising data, disrupting service, or allowing further attacks within the environment.