Full Report
Missing Authentication for Critical Function vulnerability (CVE-2026-5029) has been found in Code Runner MCP Server software.
Analysis Summary
# Vulnerability: Unauthenticated Remote Code Execution in Code Runner MCP Server
## CVE Details
- **CVE ID:** CVE-2026-5029
- **CVSS Score:** Not explicitly provided in source (Note: Based on technical details, this typically rates as **Critical 9.8**)
- **CWE:** CWE-306 (Missing Authentication for Critical Function)
## Affected Systems
- **Products:** Code Runner MCP Server
- **Versions:** All versions
- **Configurations:** Systems running with the `--transport http` option.
## Vulnerability Description
The Code Runner MCP Server exposes a JSON-RPC endpoint at `/mcp` on port `3088` when configured to use HTTP transport. The application fails to implement any authentication mechanism for this endpoint. A remote attacker can reach this endpoint and invoke the `run-code` Model Context Protocol (MCP) tool. By supplying arbitrary source code and a language interpreter, the attacker triggers the `child_process.exec()` function, leading to Remote Code Execution (RCE).
## Exploitation
- **Status:** Vulnerability is public; no active exploitation in the wild reported yet.
- **Complexity:** Low
- **Attack Vector:** Network (Remote)
## Impact
- **Confidentiality:** High (Full access to data accessible by the server user)
- **Integrity:** High (Ability to modify files and system configuration)
- **Availability:** High (Ability to crash the system or delete data)
## Remediation
### Patches
- **None:** As of the publication date (May 12, 2026), this vulnerability has **not been fixed** and affects all versions of the project.
### Workarounds
- **Disable HTTP Transport:** Avoid using the `--transport http` flag if the server is exposed to untrusted networks.
- **Network Filtering:** Use a firewall or Security Group to restrict access to port `3088` to trusted IP addresses only.
- **Localhost Binding:** Ensure the server is bound only to `127.0.0.1` if remote access is not required.
- **Reverse Proxy:** Deploy the server behind a reverse proxy (e.g., Nginx or Apache) that implements mandatory authentication (Basic Auth, OAuth, etc.).
## Detection
- **Indicators of Compromise:** Unusual processes spawned by the Code Runner MCP Server user, specifically shells or network reconnaissance tools.
- **Detection methods and tools:** Monitor network logs for unexpected inbound traffic to port `3088/TCP`. Inspect application logs for unauthorized calls to the `/mcp` endpoint using the `run-code` method.
## References
- **CERT Polska Advisory:** hxxps[://]cert[.]pl/en/posts/2026/05/vulnerability-in-code-runner-mcp-server/
- **CVE Record:** hxxps[://]www[.]cve[.]org/CVERecord?id=CVE-2026-5029
- **CWE-306:** hxxps[://]cwe[.]mitre[.]org/data/definitions/306[.]html