๐Ÿ” CVE Alert

CVE-2026-16133

MEDIUM 5.0

LiuMengxuan04 MiniCode mcp.ts child_process.spawn command injection

CVSS Score
5.0
EPSS Score
0.0%
EPSS Percentile
0th

A flaw has been found in LiuMengxuan04 MiniCode 0.1.0. Affected by this vulnerability is the function child_process.spawn of the file mcp.ts. Executing a manipulation can lead to command injection. The attack can be launched remotely. The attack requires a high level of complexity. The exploitation appears to be difficult. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.

CWE CWE-77 CWE-74
Vendor liumengxuan04
Product minicode
Published Jul 18, 2026
Stay Ahead of the Next One

Get instant alerts for liumengxuan04 minicode

Be the first to know when new medium vulnerabilities affecting liumengxuan04 minicode are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

LiuMengxuan04 / MiniCode
0.1.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/379853 vuldb.com: https://vuldb.com/vuln/379853/cti vuldb.com: https://vuldb.com/cve/CVE-2026-16133 vuldb.com: https://vuldb.com/submit/856976 github.com: https://github.com/LiuMengxuan04/MiniCode/issues/35 github.com: https://github.com/LiuMengxuan04/MiniCode/pull/37 gist.github.com: https://gist.github.com/menelausx/b42381d2788a334cba8cda43f52e2a28 github.com: https://github.com/LiuMengxuan04/MiniCode/

Credits

๐Ÿ” JasperX (VulDB User) VulDB CNA Team