Cyber Posture

CVE-2026-2178

MediumPublic PoC

Published: 08 February 2026

Published
08 February 2026
Modified
05 March 2026
KEV Added
Patch
CVSS Score 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0038 59.2th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component run_lldb. The manipulation of the argument args results in command injection. It is possible to launch the attack…

more

remotely. The exploit has been made public and could be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The patch is identified as 11f8d6bacadd153beee649f92a78a9dad761f56f. Applying a patch is advised to resolve this issue.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the command injection vulnerability by requiring timely application of the specific patch commit 11f8d6bacadd153beee649f92a78a9dad761f56f.

SI-10 Information Input Validation good match
prevent

Prevents command injection by validating the manipulated 'args' argument in the registerXcodeTools function before passing it to run_lldb.

RA-5 Vulnerability Monitoring and Scanning partial match
detect

Detects the CVE-2026-2178 command injection flaw through vulnerability scanning, enabling identification and remediation in rolling release environments.

Security SummaryAI

CVE-2026-2178 is a command injection vulnerability in the r-huijts/xcode-mcp-server project, affecting commits up to f3419f00117aa9949e326f78cc940166c88f18cb. The flaw resides in the registerXcodeTools function within the file src/tools/xcode/index.ts of the run_lldb component, where manipulation of the 'args' argument enables injection. This issue, published on 2026-02-08, carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and maps to CWEs-74 and CWE-77.

The vulnerability allows remote exploitation by attackers possessing low privileges, requiring low attack complexity and no user interaction. Successful exploitation enables limited impacts on confidentiality, integrity, and availability, such as executing arbitrary commands on the server. A public exploit exists, heightening the risk for affected deployments.

Due to the project's rolling release model, specific affected and fixed version numbers are unavailable. Mitigation requires applying the patch commit 11f8d6bacadd153beee649f92a78a9dad761f56f from the GitHub repository. Further details, including discovery and resolution, are documented in GitHub issue #13 and related discussions.

Details

CWE(s)
CWE-74CWE-77

Affected Products

r-huijts
xcode mcp server
≤ 2025-08-26

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Protocol-Specific Risks
OWASP Top 10 for LLMs 2025
None mapped
MITRE ATLAS Techniques
None mapped
Classification Reason
Matched keywords: mcp

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
attack.mitre.org →
Why these techniques?

Command injection vulnerability in network-accessible server (AV:N/PR:L) enables exploitation of public-facing application (T1190) and arbitrary command execution (T1059).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References