CVE-2026-10691
MEDIUMwonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos
Title source: cnaDescription
A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start_search. Performing a manipulation of the argument SearchResult[] results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.2.39 will fix this issue. The patch is named 4ce845f8749b6a159b57b38dcc3357f7222a8078. It is suggested to upgrade the affected component.
References (9)
Core 9
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-367960 | wonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos
https://vuldb.com/vuln/367960
Signature, Permissions Required signature
permissions-required
VDB-367960 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/367960/cti
Third Party Advisory third-party-advisory
CVE-2026-10691 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-10691
Third Party Advisory third-party-advisory
Submit #830746 | wonderwhy-er DesktopCommanderMCP 0.2.37 Denial of Service
https://vuldb.com/submit/830746
Exploit exploit
issue-tracking
https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/375
Patch issue-tracking
patch
https://github.com/wonderwhy-er/DesktopCommanderMCP/pull/400
Patch patch
https://github.com/wonderwhy-er/DesktopCommanderMCP/commit/4ce845f8749b6a159b57b38dcc3357f7222a8078
Product product
https://github.com/wonderwhy-er/DesktopCommanderMCP/
Scores
CVSS v3
4.3
EPSS
0.0035
EPSS Percentile
27.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-1333
CWE-400
Status
published
Products (40)
wonderwhy-er/DesktopCommanderMCP
0.2.0
wonderwhy-er/DesktopCommanderMCP
0.2.1
wonderwhy-er/DesktopCommanderMCP
0.2.10
wonderwhy-er/DesktopCommanderMCP
0.2.11
wonderwhy-er/DesktopCommanderMCP
0.2.12
wonderwhy-er/DesktopCommanderMCP
0.2.13
wonderwhy-er/DesktopCommanderMCP
0.2.14
wonderwhy-er/DesktopCommanderMCP
0.2.15
wonderwhy-er/DesktopCommanderMCP
0.2.16
wonderwhy-er/DesktopCommanderMCP
0.2.17
... and 30 more
Published
Jun 03, 2026
Tracked Since
Jun 03, 2026