๐Ÿ” CVE Alert

CVE-2026-57860

HIGH 7.8

ForgeCode Arbitrary Code Execution via Unvetted .mcp.json in Untrusted Repository

CVSS Score
7.8
EPSS Score
0.0%
EPSS Percentile
0th

ForgeCode (tailcallhq/forgecode), an AI pair-programming CLI, automatically loads and executes the MCP servers defined in a repository's .mcp.json file on startup without user confirmation. A malicious repository can supply a crafted .mcp.json whose mcpServers entries specify arbitrary command and args values (for example, command: bash with args: ['-c', 'touch /tmp/pwned']). When a user runs the forge CLI inside a cloned untrusted repository, the specified commands are spawned with the invoking user's privileges, resulting in arbitrary code execution. This provides a reliable initial-access and persistence primitive against developers who evaluate untrusted repositories with ForgeCode.

CWE CWE-829
Vendor tailcallhq
Product forgecode
Published Jul 17, 2026
Last Updated Jul 17, 2026
Stay Ahead of the Next One

Get instant alerts for tailcallhq forgecode

Be the first to know when new high vulnerabilities affecting tailcallhq forgecode are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

tailcallhq / forgecode
2.11.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/tailcallhq/forgecode/issues/3022 github.com: https://github.com/tailcallhq/forgecode/issues/3252 github.com: https://github.com/tailcallhq/forgecode github.com: https://github.com/tailcallhq/forgecode/commit/68ca3a3a26c73c38a700453d3d021b5bbdc15dbd vulncheck.com: https://www.vulncheck.com/advisories/forgecode-arbitrary-code-execution-via-unvetted-mcp-json-in-untrusted-repository

Credits

Saad ELHARAJ (SAAITAAMAA)