CVE-2026-2178
high
CVSS v4
2.1
CVSS v3
8.8
VIR risk
8.8
Description
xcode-mcp-server vulnerable to Command Injection
Predictions
Exploit likelihood
92%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| npm | xcode-mcp-server | <=1.0.3 | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| r-huijts | xcode_mcp_server | {"endIncluding":"2025-08-26"} | |
References
- https://github.com/r-huijts/xcode-mcp-server/
- https://github.com/r-huijts/xcode-mcp-server/commit/11f8d6bacadd153beee649f92a78a9dad761f56f
- https://github.com/r-huijts/xcode-mcp-server/issues/13
- https://github.com/r-huijts/xcode-mcp-server/issues/13#issue-3878065790
- https://vuldb.com/?ctiid.344881
- https://vuldb.com/?id.344881
- https://vuldb.com/?submit.749569
- https://nvd.nist.gov/vuln/detail/CVE-2026-2178
- https://github.com/r-huijts/xcode-mcp-server
CWEs
CWE-74 CWE-77
💬 Discuss CVE-2026-2178 on VIR Community →
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.