PatchSiren

611711Dark CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL 611711Dark CVE published 2026-05-15

CVE-2026-44717

CVE-2026-44717 is a critical remote code execution vulnerability in MCP Calculate Server affecting versions prior to 0.1.1. The issue stems from use of eval() to evaluate mathematical expressions without proper input sanitization, which can let an attacker execute arbitrary code on the server. The vulnerability was reported in a GitHub security advisory and fixed in 0.1.1.