CVE-2026-16133
LiuMengxuan04 MiniCode mcp.ts child_process.spawn command injection
CVSS Score
5.0
EPSS Score
0.0%
EPSS Percentile
0th
A flaw has been found in LiuMengxuan04 MiniCode 0.1.0. Affected by this vulnerability is the function child_process.spawn of the file mcp.ts. Executing a manipulation can lead to command injection. The attack can be launched remotely. The attack requires a high level of complexity. The exploitation appears to be difficult. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.
| CWE | CWE-77 CWE-74 |
| Vendor | liumengxuan04 |
| Product | minicode |
| Published | Jul 18, 2026 |
Stay Ahead of the Next One
Get instant alerts for liumengxuan04 minicode
Be the first to know when new medium vulnerabilities affecting liumengxuan04 minicode are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
LiuMengxuan04 / MiniCode
0.1.0
References
vuldb.com: https://vuldb.com/vuln/379853 vuldb.com: https://vuldb.com/vuln/379853/cti vuldb.com: https://vuldb.com/cve/CVE-2026-16133 vuldb.com: https://vuldb.com/submit/856976 github.com: https://github.com/LiuMengxuan04/MiniCode/issues/35 github.com: https://github.com/LiuMengxuan04/MiniCode/pull/37 gist.github.com: https://gist.github.com/menelausx/b42381d2788a334cba8cda43f52e2a28 github.com: https://github.com/LiuMengxuan04/MiniCode/
Credits
๐ JasperX (VulDB User) VulDB CNA Team