CVE-2025-53818 – GitHub Kanban MCP Server Command Injection Vulnerability

CVE ID : CVE-2025-53818

Published : July 14, 2025, 9:15 p.m. | 1 hour, 14 minutes ago

Description : GitHub Kanban MCP Server is a Model Context Protocol (MCP) server for managing GitHub issues in Kanban board format and streamlining LLM task management. Versions 0.3.0 and 0.4.0 of the MCP Server are written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP Server exposes the tool `add_comment` which relies on Node.js child process API `exec` to execute the GitHub (`gh`) command, is an unsafe and vulnerable API if concatenated with untrusted user input. As of time of publication, no known patches are available.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…