CVE-2026-10688

MEDIUM 5.5

ahujasid blender-mcp server.py execute_blender_code code injection

CVSS Score

5.5

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function execute_blender_code of the file /src/blender_mcp/server.py. This manipulation of the argument code causes code injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-94 CWE-74
Vendor	ahujasid
Product	blender-mcp
Published	Jun 2, 2026
Last Updated	Jun 3, 2026

Stay Ahead of the Next One

Get instant alerts for ahujasid blender-mcp

Be the first to know when new medium vulnerabilities affecting ahujasid blender-mcp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

ahujasid / blender-mcp

7636d13bded82eca58eb93c3f4cd8708dfdfbe8b

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/367958 vuldb.com: https://vuldb.com/vuln/367958/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10688 vuldb.com: https://vuldb.com/submit/830728 github.com: https://github.com/ahujasid/blender-mcp/issues/201 github.com: https://github.com/ahujasid/blender-mcp/

Credits

🔍 skywings (VulDB User) VulDB CNA Team