PatchSiren

xszyou CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL xszyou CVE published 2026-07-15

CVE-2026-30618

CVE-2026-30618 is a remote code execution vulnerability in xszyou Fay 4.3.1's MCP STDIO server management and command execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and parameters, resulting in execution of arbitrary commands on the server. This vulnerability has a CVSS score of 9.8 and is c [truncated]