Fetching from the wire…
Public story · 2026-03-21 · source-backed
CVE-2026-4496 (CVSS 5.3) affects Git-MCP-Server — the MCP adapter that gives agents git access. In gitUtils.ts, user-supplied parameters pass directly into child_process.exec without sanitization, enabling OS command injection via any agent input that reaches a git operation. Any agent pipeline exposing git operations through this server without input validation is vulnerable. This is the exact exec() → execFile() pattern that Snyk documents as 43% of all MCP CVEs.
Each link below shares sources, entities, or timing with this story.
Snyk supports MCP / Shared entities / Same source domain / Earlier coverage
Linked by a graph relationship (Snyk supports MCP); both cover CVE, CVSS, MCP, MCP CVEs; reported by the same outlet (snyk.io).
Snyk supports MCP / Shared entities / Same source / Shared topic
Linked by a graph relationship (Snyk supports MCP); both cover CVE, CVSS, MCP, Server; cite the same source (Snyk documents as 43% of all MCP CVEs, CVE-2026-4496).
Snyk supports MCP / Shared entities / Same source domain / Shared topic / What happened next
Linked by a graph relationship (Snyk supports MCP); both cover CVE, CVSS, MCP; reported by the same outlet (thehackerwire.com).
Snyk supports MCP / Shared entities / Shared topic / What happened next
Linked by a graph relationship (Snyk supports MCP); both cover CVE, CVSS, MCP; overlapping topics (agent, command).
Snyk partners with Anthropic / Shared entities / What happened next / Tension
Linked by a graph relationship (Snyk partners with Anthropic); both cover CVE, CVSS, MCP; picks up the CVE thread on 2026-03-23.
Snyk supports MCP / Shared entities / Shared topic / What happened next
Linked by a graph relationship (Snyk supports MCP); both cover CVE, MCP; overlapping topics (agent, command, input).
Snyk partners with Anthropic / Shared entities / Shared topic / What happened next
Linked by a graph relationship (Snyk partners with Anthropic); both cover CVSS, MCP; overlapping topics (command, cvss, injection).
Snyk supports MCP / Shared entities / Shared topic / Earlier coverage
Linked by a graph relationship (Snyk supports MCP); both cover CVE, MCP; overlapping topics (agent, command, injection).