CVE-2026-23523
Dive allows One-click Remote Code Execution through Deep Links for MCP Install
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation and can lead to arbitrary local command execution on the victim’s machine. This vulnerability is fixed in 0.13.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Produtos afetados
OpenAgentPlatform · DiveQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →