What is GHSA-r87g-78mx-3wg4?

GHSA-r87g-78mx-3wg4 is a security advisory published by GitHub Security Advisories with Low severity. A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This...

Which CVE IDs does GHSA-r87g-78mx-3wg4 cover?

GHSA-r87g-78mx-3wg4 covers the following CVE IDs: CVE-2026-10691. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-r87g-78mx-3wg4?

GHSA-r87g-78mx-3wg4 has a CVSS v3 base score of 4.3, published by GitHub Security Advisories.

GHSA-r87g-78mx-3wg4LowCVSS 4.3

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This...

Vendor

GitHub Security Advisories

Published

June 3, 2026

Last Modified

June 3, 2026

🔗 CVE IDs covered (1)

CVE-2026-10691 →

📋 Description

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start_search. Performing a manipulation of the argument SearchResult[] results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.2.39 will fix this issue. The patch is named 4ce845f8749b6a159b57b38dcc3357f7222a8078. It is suggested to upgrade the affected component.

🔗 References (11)

https://nvd.nist.gov/vuln/detail/CVE-2026-10691
https://github.com/wonderwhy-er/DesktopCommanderMCP/issues/375
https://github.com/wonderwhy-er/DesktopCommanderMCP/pull/400
https://github.com/wonderwhy-er/DesktopCommanderMCP/commit/4ce845f8749b6a159b57b38dcc3357f7222a8078
https://github.com/wonderwhy-er/DesktopCommanderMCP
https://github.com/wonderwhy-er/DesktopCommanderMCP/releases/tag/v0.2.39
https://vuldb.com/cve/CVE-2026-10691
https://vuldb.com/submit/830746
https://vuldb.com/vuln/367960
https://vuldb.com/vuln/367960/cti
https://github.com/advisories/GHSA-r87g-78mx-3wg4