Summary
The MCP server WireMCP is vulnerable to command injection due to unsafe use of child_process.exec with user-controlled input in multiple MCP server tools that invoke the external program tshark.
Affected Versions
<= 1.0.0
Vulnerable Code
https://github.com/0xKoda/WireMCP/blob/main/index.js#L62-L65
Details
The MCP server constructs shell command strings to invoke tshark using user-supplied parameters exposed through MCP tools.
The following tools are affected by this unsafe command execution pattern:
capture_packets
get_summary_stats
get_conversations
check_threats
analyze_pcap
extract_credentials
These tools accept LLM-exposed user input parameters such as:
interface
duration
pcapPath
The parameters are interpolated directly into command strings passed to child_process.exec, which executes commands via a system shell.
An attacker can inject shell metacharacters such as ; or && to alter command execution and run arbitrary system commands instead of the intended tshark invocation.
Impact
Arbitrary command execution on the host running the MCP server with the privileges of the WireMCP process.
Recommendation
Replace child_process.exec with execFile or spawn using argument arrays and shell execution disabled.
Apply strict input validation to all tool parameters exposed to MCP clients.
WireMCP bug.pdf
If the user input is not a command-line flag, use the -- notation to terminate command and command-line flag, and indicate that the text after the -- double dash notation is benign value.
Summary
The MCP server WireMCP is vulnerable to command injection due to unsafe use of child_process.exec with user-controlled input in multiple MCP server tools that invoke the external program tshark.
Affected Versions
<= 1.0.0
Vulnerable Code
https://github.com/0xKoda/WireMCP/blob/main/index.js#L62-L65
Details
The MCP server constructs shell command strings to invoke tshark using user-supplied parameters exposed through MCP tools.
The following tools are affected by this unsafe command execution pattern:
capture_packets
get_summary_stats
get_conversations
check_threats
analyze_pcap
extract_credentials
These tools accept LLM-exposed user input parameters such as:
interface
duration
pcapPath
The parameters are interpolated directly into command strings passed to child_process.exec, which executes commands via a system shell.
An attacker can inject shell metacharacters such as ; or && to alter command execution and run arbitrary system commands instead of the intended tshark invocation.
Impact
Arbitrary command execution on the host running the MCP server with the privileges of the WireMCP process.
Recommendation
Replace child_process.exec with execFile or spawn using argument arrays and shell execution disabled.
Apply strict input validation to all tool parameters exposed to MCP clients.
WireMCP bug.pdf
If the user input is not a command-line flag, use the -- notation to terminate command and command-line flag, and indicate that the text after the -- double dash notation is benign value.