CVE-2026-5833
awwaiid mcp-server-taskwarrior index.ts server.setRequestHandler command injection
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up to 1.0.1. This impacts the function server.setRequestHandler of the file index.ts. Such manipulation of the argument Identifier leads to command injection. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The name of the patch is 1ee3d282debfa0a99afeb41d22c4b2fd5a3148f2. Applying a patch is advised to resolve this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
| CWE | CWE-77 CWE-74 |
| Vendor | awwaiid |
| Product | mcp-server-taskwarrior |
| Published | Apr 9, 2026 |
| Last Updated | Apr 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for awwaiid mcp-server-taskwarrior
Be the first to know when new medium vulnerabilities affecting awwaiid mcp-server-taskwarrior are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
awwaiid / mcp-server-taskwarrior
1.0.0 1.0.1
References
vuldb.com: https://vuldb.com/vuln/356289 vuldb.com: https://vuldb.com/vuln/356289/cti vuldb.com: https://vuldb.com/submit/789810 github.com: https://github.com/awwaiid/mcp-server-taskwarrior/issues/8 github.com: https://github.com/awwaiid/mcp-server-taskwarrior/issues/8#issuecomment-4139402095 github.com: https://github.com/user-attachments/files/25923228/mcp-server-taskwarrior_bug.pdf github.com: https://github.com/awwaiid/mcp-server-taskwarrior/commit/1ee3d282debfa0a99afeb41d22c4b2fd5a3148f2 github.com: https://github.com/awwaiid/mcp-server-taskwarrior/
Credits
๐ Yinci Chen (VulDB User) VulDB CNA Team