Lexpl0it

1 exploit Active since Feb 2026
CVE-2026-2131 WRITEUP MEDIUM WRITEUP
XixianLiang HarmonyOS-mcp-server <0.1.0 - Command Injection
A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the argument text leads to os command injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
CVSS 6.3