Home > Vulnerability Database > CVE-2026-25905

Mend.io Vulnerability Database

CVE-2026-25905

Good to know:

Date: February 9, 2026

The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing. Note - the "mcp-run-python" project is archived and unlikely to receive a fix.

Severity Score

5.8

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-25905

Url: https://research.jfrog.com/vulnerabilities/mcp-run-python-lack-of-isolation-mcp-takeover-jfsa-2026-001653030/

Url: https://www.mend.io/vulnerability-database/CVE-2026-25905

Severity Score

5.8

Weakness Type (CWE)

Improper Isolation or Compartmentalization

CWE-653

CVSS v3.1

Base Score:	5.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2026-25905

Good to know:

Date: February 9, 2026

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?