CVE-2026-27203 – eBay API MCP Server Affected by Environment Variable Injection

CVE ID : CVE-2026-27203

Published : Feb. 21, 2026, 12:16 a.m. | 47 minutes ago

Description : eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay’s Sell APIs. All versions are vulnerable to Environment Variable Injection through the updateEnvFile function. The ebay_set_user_tokens tool allows updating the .env file with new tokens. The updateEnvFile function in src/auth/oauth.ts blindly appends or replaces values without validating them for newlines or quotes. This allows an attacker to inject arbitrary environment variables into the configuration file. An attacker can inject arbitrary environment variables into the .env file. This could lead to configuration overwrites, Denial of Service, and potential RCE. There was no fix for this issue at the time of publication.

Severity: 8.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2026-27203 – eBay API MCP Server Affected by Environment Variable Injection

تکمیل ظرفیت سرور لهستان

سرور مناسب برای ترید و ارز دیجیتال

دیتاسنتر جدید در لهستان

سرور های جدید از اسپانیا

AMD EPYC & Ryzen از کشور انگلستان

آفر های جدید AMD EPYC و AMD Ryzen

آفر سرور اختصاصی از آمریکا

افزایش قیمت دامنه های ir از ۳۱ خرداد

افزایش قیمت جهانی دامنه .com

آفر های جدید سرور اختصاصی مرداد 1403

CVE-2026-27134 – Strimzi: All CAs from a custom CA chain consisting of multiple CAs are trusted for mTLS user autentication

سرور های جدید از روسیه-وارز

تخفیف ویژه دامنه .ASIA

ثبت دامنه .IO

انتقال رایگان پسوند دامنه PW

Kerio Control 9.2.4 Build 2223

نوشته های مشابه

CVE-2026-27202 – GetSimple CMS: Uploaded Files (feature) Arbitrary File Read Vulnerability

CVE-2026-27189 – OpenSift: Race-prone local persistence could cause state corruption/loss

CVE-2026-27170 – OpenSift: SSRF risk in URL ingestion endpoint

CVE-2026-27169 – OpenSift: Persistent XSS Chat Tool Rendering