← volver
CVE-2026-22785

orval MCP client is vulnerable to a code injection attack.

CVSS 9.3 CRITICALEPSS 0.7%CWE-77
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.3EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
12 ene 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allows an attacker to "break out" of the string literal and inject arbitrary code. This vulnerability is fixed in 7.18.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
orval-labs · orval