HIGH
MarcelRoozekrans
CVE published 2026-05-29
CVE-2026-45555
The Roslyn CodeLens MCP Server, a Roslyn-based Model Context Protocol (MCP) server providing semantic code intelligence for .NET codebases, contains a critical arbitrary code execution vulnerability in versions 0.0.9 through 1.17.0. The `get_diagnostics` MCP tool automatically loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without implementing any allowlist, signatu [truncated]