← voltar
CVE-2026-30616

CVE-2026-30616

CVSS 7.3 HIGHEPSS 0.3%CWE-77
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
15 abr 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, causing attacker-controlled commands to be executed on the server. Successful exploitation results in arbitrary command execution within the context of the Jaaz service, potentially allowing full compromise of the affected system.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Produtos afetados
n/a · n/a