PYSEC-2026-3076

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/stata-mcp/PYSEC-2026-3076.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-3076
Aliases
Published
2026-07-13T14:36:49.980423Z
Modified
2026-07-13T16:33:12.969652260Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
stata-mcp has insufficient validation of user-supplied Stata do-file content that can lead to command execution
Details

A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution.

References

Affected packages

PyPI / stata-mcp

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.13.0

Affected versions

0.*
0.1.0
1.*
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.10
1.4.0
1.4.1
1.5.1
1.5.2
1.5.3
1.6.0
1.6.1
1.6.2
1.6.3
1.7.0
1.7.1
1.7.2
1.7.3
1.7.4
1.8.0
1.8.1
1.8.2
1.9.0
1.9.1
1.10.0
1.10.1
1.10.2
1.11.0
1.11.1
1.12.0
1.12.1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/stata-mcp/PYSEC-2026-3076.yaml"