CRITICAL
xszyou
CVE published 2026-07-15
CVE-2026-30618
CVE-2026-30618 is a remote code execution vulnerability in xszyou Fay 4.3.1's MCP STDIO server management and command execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and parameters, resulting in execution of arbitrary commands on the server. This vulnerability has a CVSS score of 9.8 and is c [truncated]