LOW
hiraishikentaro
CVE published 2026-06-01
CVE-2026-10279
A command injection vulnerability exists in hiraishikentaro wezterm-mcp version 0.1.0, specifically within the `src/wezterm_executor.ts` file in the `switch_pane`/`write_to_specific_pane` component. The `request.params.arguments.pane_id` parameter is insufficiently sanitized, allowing an attacker to inject operating system commands. The attack vector is network-based and requires low privileges with no us [truncated]