CVE-2026-44717

9.8 CRITICAL

MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library

Published: 2026-05-15 · Last updated: 2026-05-18

Severity and scoring

CVSS: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-94

Description

MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-44717
[Other]https://github.com/611711Dark/mcp_calculate_server/security/advisories/GHSA-2mgq-7rfg-rwpj

Related CVEs

Same CWE

CVE-2026-52860 — Vim is an open source, command line text editor
CVE-2026-52858 — Vim is an open source, command line text editor
CVE-2026-47167 — Vim is an open source, command line text editor
CVE-2026-47162 — Vim is an open source, command line text editor
CVE-2026-44495 — Axios is a promise based HTTP client for the browser and Node.js (7.0 HIGH)