CVE-2026-25905 | THREATINT

Description

The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing. Note - the "mcp-run-python" project is archived and unlikely to receive a fix.

PUBLISHED Reserved 2026-02-08 | Published 2026-02-09 | Updated 2026-02-09 | Assigner JFROG

MEDIUM: 5.8CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

Problem types

CWE-653 Improper Isolation or Compartmentalization

Product status

Any version

affected

References

research.jfrog.com/...tion-mcp-takeover-jfsa-2026-001653030/ third-party-advisory

cve.org (CVE-2026-25905)

nvd.nist.gov (CVE-2026-25905)

Download JSON